Ensure Application Gateway is using Https protocol

Application Gateway listeners can be configured to use either the Http or the Https protocol. It is highly recommended to use the Https protocol for secure connections.

Risk Level: High
Cloud Entity: Azure Application Gateway
CloudGuard Rule ID: D9.AZU.NET.36
Covered by Spectral: Yes
Category: Networking & Content Delivery

GSL LOGIC

ApplicationGateway should have rules contain [ listener.protocol='Https' ]
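The following is an added example, not CloudGuard's or Microsoft's own code. It applies the logic above to a gateway description: because of `contain`, one routing rule bound to an Https listener is enough to pass, so the example also lists the rules that still use another protocol. The JSON field names (`httpListeners`, `requestRoutingRules`, `httpListener.id`) are assumptions modelled on the output of `az network application-gateway show`, and the sample gateway is constructed.

```python
import json

# Constructed sample, shaped like the JSON printed by `az network application-gateway show`.
# The field names are an assumption of this example, trimmed to what the check needs.
SAMPLE = json.loads("""
{
  "name": "appgw-demo",
  "httpListeners": [
    {"id": "/listeners/web-http",  "name": "web-http",  "protocol": "Http"},
    {"id": "/listeners/web-https", "name": "web-https", "protocol": "Https"}
  ],
  "requestRoutingRules": [
    {"name": "rule-http",  "httpListener": {"id": "/listeners/web-http"}},
    {"name": "rule-https", "httpListener": {"id": "/listeners/web-https"}}
  ]
}
""")


def rule_protocols(gateway):
    """Map each routing rule name to the protocol of the listener it is bound to."""
    by_id = {lst["id"].lower(): lst for lst in gateway.get("httpListeners", [])}
    result = {}
    for rule in gateway.get("requestRoutingRules", []):
        listener_id = (rule.get("httpListener") or {}).get("id", "").lower()
        listener = by_id.get(listener_id)
        # A rule whose listener cannot be resolved is reported as None, never as Https.
        result[rule["name"]] = listener.get("protocol") if listener else None
    return result


def passes_rule(gateway):
    """Rule logic as written: at least one rule has listener.protocol = 'Https'."""
    return any(proto == "Https" for proto in rule_protocols(gateway).values())


def non_https_rules(gateway):
    """Stricter view: every rule still served over something other than Https."""
    return sorted(name for name, proto in rule_protocols(gateway).items() if proto != "Https")


if __name__ == "__main__":
    print("passes rule logic:", passes_rule(SAMPLE))
    print("rules not on Https:", non_https_rules(SAMPLE))
```

A gateway can pass the rule while `non_https_rules` is still non-empty, so review that list separately after remediation.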

REMEDIATION

From Portal

  1. Navigate to the Azure portal (https://portal.azure.com).
  2. Navigate to your Application Gateway resource.
  3. Click on the 'Listeners' blade.
  4. Click on the listener for which you want to enable HTTPS.
  5. In the 'Edit Listener' blade, under 'Protocol', select 'HTTPS'.
  6. In the 'Certificates' section, select the SSL certificate you want to use. If you don't have a certificate yet, you can create one or import one from a certificate authority.
  7. In the 'Backend HTTP settings' section, ensure that the 'HTTP settings' protocol is set to 'HTTPS' as well.
  8. Save your changes.

From Terraform

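resource "azurerm_application_gateway" "example" {
	# Other required arguments and blocks are omitted from this fragment.
	http_listener {
		# An Https listener also needs a certificate configured on the gateway.
		protocol = "Https"
	}
}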

From Command Line
Use the command below to enable HTTPS for the Application Gateway:

az network application-gateway create --name Name --resource-group RESOURCEGROUP --http-settings-protocol Https

References

  1. https://learn.microsoft.com/en-us/cli/azure/network/application-gateway?view=azure-cli-latest#az-network-application-gateway-create
  2. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway
  3. https://learn.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal?source=recommendations

Azure Application Gateway

Azure Application Gateway gives you application-level routing and load balancing services that let you build a scalable and highly available web front end in Azure. You control the size of the gateway and scale your deployment based on your needs.

Compliance Frameworks

  • AZU PCI-DSS 4.0
  • Azure CloudGuard Best Practices
  • Azure HITRUST v9.5.0
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset