Ensure Application Gateway is using Https protocol

Application Gateway allows to set network protocols Http and Https. It is highly recommended to use Https protocol for secure connections.

Risk Level: High
Cloud Entity: Azure Application Gateway
CloudGuard Rule ID: D9.AZU.NET.36
Covered by Spectral: Yes
Category: Networking & Content Delivery


ApplicationGateway should have rules contain [ listener.protocol='Https' ]


From Portal

  1. Navigate to the Azure portal (https://portal.azure.com).
  2. Navigate to your Application Gateway resource.
  3. Click on the 'Listeners' blade.
  4. Click on the listener for which you want to enable HTTPS.
  5. In the 'Edit Listener' blade, under 'Protocol', select 'HTTPS'.
  6. In the 'Certificates' section, select the SSL certificate you want to use. If you don't have a certificate yet, you can create one or import one from a certificate authority.
  7. In the 'Backend HTTP settings' section, ensure that the 'HTTP settings' protocol is set to 'HTTPS' as well.
  8. Save your changes.

From TF

resource "azurerm_application_gateway" "example" {
	http_listener {
		protocol = "Https"

From Command Line
Use the below command to enable HTTPS for Application Gateway

az network application-gateway create --name Name --resource-group RESOURCEGROUP --http-settings-protocol Https


  1. https://learn.microsoft.com/en-us/cli/azure/network/application-gateway?view=azure-cli-latest#az-network-application-gateway-create
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway
  3. https://learn.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal?source=recommendations

Azure Application Gateway

Azure Application Gateway gives you application-level routing and load balancing services that let you build a scalable and highly-available web front end in Azure. You control the size of the gateway and scale your deployment based on your needs.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CloudGuard Best Practices
  • Azure HITRUST v9.5.0
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset