Function App should only be accessible over HTTPS

Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.

Risk Level: High
Cloud Entity: Azure functions
CloudGuard Rule ID: D9.AZU.CRY.23
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

FunctionApp should have inner.httpsOnly=true

REMEDIATION

From Portal

  1. Sign in to the Azure portal and navigate to 'Function App'
  2. Click on the name of the Function App service you want to examine
  3. In the navigation panel, under Settings, select 'TLS/SSL settings'
  4. Set the 'HTTPS Only' toggle to ON

From TF
Set the 'https_only' argument to 'true':

resource "azurerm_function_app" "example" {
	# ... other arguments ...
	https_only = true # redirect plain-HTTP requests to HTTPS
	# ... other arguments ...
}

Note: By default https_only is set to false

From Command Line
Run

az functionapp update --resource-group RESOURCEGROUPNAME --name FUNCTIONAPPNAME --set httpsOnly=true
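
An added example, not part of CloudGuard or the original page: a Python check that applies the rule to the JSON printed by `az functionapp list -o json` and builds the remediation command above for each failing app. The sample input is constructed, and it assumes each app object exposes `httpsOnly`, `name` and `resourceGroup` at its top level.

```python
import json
import shlex

# Constructed sample shaped like `az functionapp list -o json`, trimmed to the
# fields used here; the app names and resource groups are made up.
SAMPLE_AZ_OUTPUT = """
[
  {"name": "orders-fn",  "resourceGroup": "rg-prod",  "kind": "functionapp", "httpsOnly": true},
  {"name": "billing-fn", "resourceGroup": "rg-prod",  "kind": "functionapp,linux", "httpsOnly": false},
  {"name": "legacy-fn",  "resourceGroup": "rg-(old)", "kind": "functionapp", "httpsOnly": null}
]
"""


def find_noncompliant(az_json: str) -> list[dict]:
    """Return the apps that fail 'FunctionApp should have httpsOnly=true'.

    Anything other than the JSON boolean true fails, so a missing or null
    property is reported rather than silently passed.
    """
    apps = json.loads(az_json)
    if not isinstance(apps, list):
        raise ValueError("expected a JSON array of function apps")
    return [app for app in apps if app.get("httpsOnly") is not True]


def remediation_command(app: dict) -> str:
    """Build the page's `az functionapp update` command for one app."""
    # shlex.quote keeps names with shell metacharacters (e.g. parentheses,
    # which resource group names may contain) as a single argument.
    return (
        "az functionapp update"
        f" --resource-group {shlex.quote(app['resourceGroup'])}"
        f" --name {shlex.quote(app['name'])}"
        " --set httpsOnly=true"
    )


def audit(az_json: str) -> list[str]:
    """Return one remediation command per non-compliant function app."""
    return [remediation_command(app) for app in find_noncompliant(az_json)]


if __name__ == "__main__":
    for command in audit(SAMPLE_AZ_OUTPUT):
        print(command)
```

To audit a live subscription, pass the output of `az functionapp list -o json` to `audit()` instead of the sample and review the printed commands before running them.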

References

  1. https://docs.microsoft.com/en-us/azure/azure-functions/security-concepts
  2. https://docs.microsoft.com/en-US/cli/azure/functionapp#az_functionapp_update
  3. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app

Azure functions

Azure Functions is a serverless solution that allows you to write less code, maintain less infrastructure, and save on costs. Instead of worrying about deploying and maintaining servers, the cloud infrastructure provides all the up-to-date resources needed to keep your applications running.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CSA CCM v.4.0.1
  • Azure CloudGuard Best Practices
  • Azure HITRUST v9.5.0
  • Azure ITSG-33
  • Azure NIST 800-53 Rev 5
  • Azure Security Risk Management
  • CloudGuard Azure All Rules Ruleset
  • Microsoft Cloud Security Benchmark