Ensure Web App Redirects All HTTP traffic to HTTPS in Azure App Service
Enforcing HTTPS authenticates the server to the client and protects data in transit against eavesdropping and tampering on the network path. With HTTPS Only disabled, a client that requests http:// is served over cleartext HTTP instead of being redirected, so any credential, cookie or payload it sends can be read or modified by an on-path attacker.
Risk Level: High
Cloud Entity: Web Apps service
CloudGuard Rule ID: D9.AZU.CRY.24
Covered by Spectral: Yes
Category: Compute
GSL LOGIC
WebApp should have inner.httpsOnly=true
REMEDIATION
From Portal
- Sign in to the Azure portal and open App Services
- Click the name of the App Service web application you want to examine
- In the navigation panel, under Settings, select 'TLS/SSL settings' (in newer portal versions the toggle is under Configuration > General settings)
- Set the 'HTTPS Only' toggle to On and save
From TF
Set the 'https_only' argument to 'true' (HCL uses double quotes for strings):
resource "azurerm_app_service" "example" {
  # ... name, location, resource_group_name, app_service_plan_id ...
  https_only = true
  # ...
}
Note: By default https_only is set to false. azurerm_app_service is deprecated in azurerm provider 3.x; the replacement resources azurerm_linux_web_app and azurerm_windows_web_app take the same https_only argument with the same default.
From Command Line
Run
az webapp update --https-only true --name WEBAPPNAME --resource-group RESOURCEGROUPNAME
Note: If the setting is Off, the selected Microsoft Azure App Service web application does not redirect HTTP to HTTPS, so its TLS/SSL configuration is not compliant. HTTPS Only is enforced by the App Service front end and only redirects; it does not emit an HSTS header, so a client's first plain-HTTP request still crosses the network in cleartext unless the application itself sets Strict-Transport-Security. The minimum TLS version is a separate setting and is not affected by this toggle.
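The following is an added example (not CloudGuard's or Microsoft's code) that automates the check and the remediation above across a subscription. It reads the JSON that `az webapp list -o json` prints, flags every app whose `httpsOnly` property is not true (the same condition as the GSL logic), and generates the `az webapp update --https-only true` command for each finding; a second helper classifies the response to a plain-HTTP probe so the fix can be verified from outside. The app names, resource groups and hostnames in the sample input are constructed for the example.

```python
"""Audit Azure App Service web apps for HTTPS-only enforcement.

Added example, not part of the CloudGuard rule page. Consumes `az webapp
list -o json` output, reports non-compliant apps, builds remediation
commands, and verifies the redirect with a plain-HTTP probe.
"""
import json
import http.client
from typing import List, Optional
from urllib.parse import urlsplit

# Constructed sample of `az webapp list -o json` output, trimmed to the
# properties used here (real output carries many more).
SAMPLE_AZ_WEBAPP_LIST = json.dumps([
    {"name": "payments-api", "resourceGroup": "rg-prod",
     "defaultHostName": "payments-api.azurewebsites.net", "httpsOnly": True},
    {"name": "legacy-portal", "resourceGroup": "rg-prod",
     "defaultHostName": "legacy-portal.azurewebsites.net", "httpsOnly": False},
    {"name": "staging-web", "resourceGroup": "rg-staging",
     "defaultHostName": "staging-web.azurewebsites.net"},  # property absent
])


def find_non_compliant(az_list_json: str) -> List[dict]:
    """Return the web apps whose httpsOnly is not exactly true.

    A missing property is treated as non-compliant, matching the
    platform default of false noted in the remediation section.
    """
    apps = json.loads(az_list_json)
    return [app for app in apps if app.get("httpsOnly") is not True]


def remediation_commands(az_list_json: str) -> List[str]:
    """One `az webapp update --https-only true` command per finding."""
    return [
        f"az webapp update --https-only true --name {app['name']} "
        f"--resource-group {app['resourceGroup']}"
        for app in find_non_compliant(az_list_json)
    ]


def is_https_redirect(status: int, location: Optional[str], host: str) -> bool:
    """Classify a plain-HTTP response as a correct redirect to HTTPS.

    Accepts any 3xx status whose Location is an https:// URL on the same
    host. A 200 served over HTTP, a redirect to http://, or a redirect to
    another host all count as failures.
    """
    if not 300 <= status < 400 or not location:
        return False
    target = urlsplit(location)
    return target.scheme == "https" and target.hostname == host.lower()


def probe_http_redirect(host: str, timeout: float = 5.0) -> bool:
    """Send a plain-HTTP GET to the app and classify the answer (needs network)."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host})
        resp = conn.getresponse()
        return is_https_redirect(resp.status, resp.getheader("Location"), host)
    finally:
        conn.close()


if __name__ == "__main__":
    # Offline run over the constructed sample: prints two remediation commands.
    for cmd in remediation_commands(SAMPLE_AZ_WEBAPP_LIST):
        print(cmd)
```

In practice, pipe real inventory into it with `az webapp list -o json | python3 audit_https_only.py` (the file name is an assumption) and, after applying the commands, call `probe_http_redirect("<app>.azurewebsites.net")` to confirm that port 80 now answers with a redirect to https:// on the same host rather than serving content. Treating an absent `httpsOnly` property as a finding is deliberate: the platform default is false, so an app that never had the property set is exposed exactly like one with it set to false.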
References
- https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-bindings
- https://docs.microsoft.com/en-us/cli/azure/webapp?view=azure-cli-latest
- https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service#https_only
Web Apps service
Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments.
Compliance Frameworks
- AZU PCI-DSS 4.0
- Azure CIS Foundations v. 1.3.1
- Azure CIS Foundations v. 1.4.0
- Azure CIS Foundations v. 1.5.0
- Azure CIS Foundations v.2.0
- Azure CSA CCM v.4.0.1
- Azure CloudGuard Best Practices
- Azure HITRUST v9.5.0
- Azure ITSG-33
- Azure NIST 800-53 Rev 5
- Azure Security Risk Management
- CloudGuard Azure All Rules Ruleset
- Microsoft Cloud Security Benchmark