Ensure that your Azure App Service web applications redirect all non-secure HTTP traffic to HTTPS in order to encrypt the communication between applications and web clients. HTTPS uses the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol to provide a secure connection, which is both encrypted and authenticated. This adds an extra layer of security to the HTTP requests made to the web application.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Enforcing HTTPS-only traffic for your Azure App Service applications ensures that the traffic between the web application servers and the application clients is encrypted and cannot be decrypted by malicious users who are able to intercept packets sent across the Internet.
Audit
To determine if your Azure App Service web apps are configured to implement HTTPS-only traffic, perform the following actions:
Remediation / Resolution
To enforce HTTPS-only traffic for your Microsoft Azure App Service web applications in order to redirect all HTTP traffic to HTTPS (Secure HTTP), perform the following actions:
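An added example, not part of the original rule page: one way to run the audit and the remediation with the Azure CLI, using `az webapp list`, `az webapp show` and `az webapp update`. It assumes an authenticated `az` session on the target subscription; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit and enforce HTTPS-only on Azure App Service web apps.
# Assumption: `az login` was run and the target subscription is selected.

# Audit: print "resourceGroup<TAB>name" for every web app in the
# subscription whose httpsOnly property is false or missing.
list_noncompliant() {
    az webapp list --query '[?!httpsOnly].[resourceGroup, name]' --output tsv
}

# Read audit rows (resourceGroup<TAB>name) on stdin and print one
# remediation command per app, so the change can be reviewed before it
# is applied. Blank or incomplete rows are skipped.
remediation_commands() {
    while IFS="$(printf '\t')" read -r rg name || [ -n "$rg" ]; do
        [ -n "$rg" ] && [ -n "$name" ] || continue
        printf "az webapp update --resource-group '%s' --name '%s' --set httpsOnly=true\n" \
            "$rg" "$name"
    done
}

# Verify a single app after remediation: succeeds only when the app
# reports httpsOnly = true.
is_https_only() {
    [ "$(az webapp show --resource-group "$1" --name "$2" \
        --query httpsOnly --output json)" = "true" ]
}

# Typical use:
#   list_noncompliant | remediation_commands    # review the printed commands
#   list_noncompliant | remediation_commands | sh
#   is_https_only <resource-group> <app-name> && echo compliant
```

Once `httpsOnly` is set, a plain HTTP request to the app's hostname should be answered with a redirect to the HTTPS URL.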