Logo of Trend Micro
Use the Conformity Knowledge Base AI to help improve your Cloud Posture

Define index page suffix and error page for the bucket website configuration

Trend Cloud One™ – Conformity is a continuous assurance tool that provides peace of mind for your cloud infrastructure, delivering over 1000 automated best practice checks.

Risk Level: High (not acceptable risk)
Rule ID: CloudStorage-005

Ensure that website index (main) page suffix and error (404 not found) page are defined for your Google Cloud storage buckets with static website configuration. When you specify the main page suffix, if the suffix is set as "index.html," example.com will serve visitors the content from the object example.com/index.html if it exists. Additionally, if you specify an error (404 not found) page, if a user visits example.com/directory and neither that URL nor example.com/directory/index.html points to an object, the error page will be served.

This rule can help you with the following compliance standards:

  • NIST5

For further details on compliance standards supported by Conformity, see here.

This rule resolution is part of the Conformity Security & Compliance tool for GCP.

Security

Configuring the "website.mainPageSuffix" and "website.notFoundPage" properties for your static website hosted on a storage bucket in Google Cloud is vital for ensuring the desired behavior and optimal user experience. By setting these properties, you enhance the user-friendliness of your website and minimize the occurrence of errors or bounce rates. This configuration plays a key role in ensuring that your website behaves as expected, providing a seamless browsing experience for your visitors.

Audit

To determine if the static website configuration for your Google Cloud storage bucket includes the website index page suffix and error page, perform the following actions:

Using GCP Console

01 Sign in to Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

03 Navigate to Cloud Storage console available at https://console.cloud.google.com/storage.

04 In the main navigation panel, select Buckets to access the list with all the Cloud Storage buckets created for the selected GCP project.

05 Choose the storage bucket that you want to examine, click the overflow menu (i.e. 3-dot menu) associated with the bucket, and select Edit website configuration.

06 In the website configuration box, check the Index (main) page suffix and Error (404 not found) page fields to determine if the bucket website configuration specifies the index page suffix and error page for the hosted website. If both Index (main) page suffix and Error (404 not found) page fields are empty, the index page suffix and error page are not defined in the static website configuration set for the selected Google Cloud Storage bucket.

07 Repeat steps no. 5 and 6 for each storage bucket that you want to examine, created for the selected GCP project.

08 Repeat steps no. 2 – 7 for each project deployed in your Google Cloud Platform (GCP) account.

Using GCP CLI

01 Run projects list command (Windows/macOS/Linux) with custom query filters to list the ID of each Google Cloud Platform (GCP) project available in your cloud account: 

gcloud projects list 
  --format="table(projectId)"

02 The command output should return the requested GCP project ID(s): 

PROJECT_ID
cc-web-project-112233
cc-data-project-111222

03 Run gsutil ls command (using gsutil Python tool) to list the identifier of each Cloud Storage bucket created for the specified GCP project: 

gsutil ls -p cc-web-project-112233

04 The command output should return the requested storage resource name(s): 

gs://trendmicro.com/
gs://cc-logs-bucket/

05 Run gsutil web get command (using gsutil tool) using the name of the Cloud Storage bucket that you want to examine as the identifier parameter, to describe the static website configuration available for the selected bucket: 

gsutil web get gs://trendmicro.com

06 The command output should return the requested configuration information: 

gs://trendmicro-com/ has no website configuration.

If the gsutil web get command output returns "[storage-bucket] has no website configuration.", where [storage-bucket] is the name of the verified bucket, or the command output does not return values for both "notFoundPage" and "mainPageSuffix" configuration attributes, the index page suffix and error page are not defined in the static website configuration for the selected Google Cloud Storage bucket.

07 Repeat steps no. 5 and 6 for each storage bucket that you want to examine, available in the selected GCP project.

08 Repeat step no. 1 – 7 for each GCP project created within your Google Cloud Platform (GCP) account.

Remediation / Resolution

To define the index (main) page suffix and error (404 not found) page for your bucket website configuration, perform the following actions:

Using GCP Console

01 Sign in to Google Cloud Management Console.

02 Select the Google Cloud Platform (GCP) project that you want to examine from the console top navigation bar.

03 Navigate to Cloud Storage console available at https://console.cloud.google.com/storage.

04 In the main navigation panel, select Buckets to access the list with all the Cloud Storage buckets provisioned for the selected GCP project.

05 Choose the storage bucket that you want to examine, click the overflow menu (i.e. 3-dot menu) associated with the bucket, and select Edit website configuration.

06 In the website configuration box, provide a suffix to append to the URL when visitors request your website top-level domain or URLs without associated objects in the Index (main) page suffix field and specify a 404 Not Found page to serve when visitors request a URL that directs to no object or the index page in the Error (404 not found) page field. Choose SAVE to apply the changes.

07 Repeat steps no. 5 and 6 for each storage bucket that you want to reconfigure, created for the selected GCP project.

08 Repeat steps no. 2 – 7 for each project deployed in your Google Cloud Platform (GCP) account.

Using GCP CLI

01 Run gsutil web set command (using gsutil Python tool) using the name of the Google Cloud Storage bucket that you want to reconfigure as the identifier parameter, to define the index (main) page suffix and error (404 not found) page for the static website configuration set for the selected bucket: 

gsutil web set -m "index.html" -e "404.html" gs://trendmicro.com

02 If successful, the command output should return the gsutil web set request status: 

Setting website configuration on gs://trendmicro-com/...

03 Run gsutil web get command (using gsutil tool) using the name of the reconfigured bucket as the identifier parameter, to describe the current static website configuration available for the selected bucket: 

gsutil web get gs://trendmicro.com

04 The command output should return the requested configuration information. If the website configuration has been successfully applied, both "notFoundPage" and "mainPageSuffix" attributes should return values: 

{
	"mainPageSuffix": "index.html",
	"notFoundPage": "404.html"
}

05 Repeat steps no. 1 – 4 for each storage bucket that you want to reconfigure, available in the selected GCP project.

06 Repeat steps no. 1 – 5 for each project created within your Google Cloud Platform (GCP) account.

References

Publication date May 25, 2023

Related CloudStorage rules