- PingSafe Knowledge Base
- Azure Knowledge Base
- App Services
-
Getting Started on PingSafe
-
Integrations
-
AWS Knowledge Base
- Amazon EKS
- Amazon RDS
- Amazon Kinesis
- AWS Organizations
- Amazon SQS (Simple Queue Service)
- AWS Cloudtrail
- AWS Certificate Manager
- AWS IAM
- AWS Workspaces
- Amazon S3
- AWS Systems Manager (AWS SSM)
- Amazon EC2
- Amazon Redshift
- Amazon EMR
- Amazon CloudFront
- Amazon DynamoDB
- Amazon Managed Workflows for Apache Airflow (MWAA)
- Amazon Route 53
- AWS Key Management Service (KMS)
- Amazon CloudWatch
- Amazon ElasticSearch
- AWS Database Migration Service
- AWS Config
- AWS X-Ray
- Amazon API Gateway
- Amazon Athena
- Amazon SageMaker
- AWS Elastic Load Balancing (ELB)
- AWS Lambda
- AWS Auto Scaling
- Amazon GuardDuty
- Amazon Elastic File System (Amazon EFS)
- Amazon Elastic Container Registry (Amazon ECR)
- AWS Glue
- Amazon Simple Notification Service (SNS)
- AWS Elastic Beanstalk
- AWS CodeBuild
- AWS Secrets Manager
- AWS Transfer Family
- Amazon Access Analyzer
-
Azure Knowledge Base
- Container Registries
- Azure Virtual Machines
- Network Security Group
- PostgreSQL
- Azure Monitor
- Azure Security Center
- SQL Databases
- SQL Servers
- Storage Accounts
- Azure Key Vaults
- Load Balancers
- App Services
- Azure Active Directory
- Activity Log
- Azure Policy
- Kubernetes Services
- Azure Resources
- Azure Cosmos DB
- CDN Profiles
- MySQL Servers
- Azure Virtual Network
- Azure Network Watcher
- Azure Cache for Redis
-
GCP Knowledge Base
- Google Cloud VPC
- Google Cloud IAM
- Google Cloud Load Balancing
- Google Cloud Logging
- Google Cloud Kubernetes Engine
- Google Cloud Pub/Sub
- Google Compute Engine
- Google Cloud Key Management Service (KMS)
- Google Cloud DNS
- Google Cloud Storage
- Google Cloud Dataproc
- Google Cloud SQL
- Google Cloud Spanner
- Google Cloud Deployment Manager
- Google Cloud BigQuery
- Google Cloud Dataflow
-
Digital Ocean Knowledge Base
HTTPS Only Disabled
Risk Level: Medium
Description
This plugin ensures that HTTPS Only is enabled for App Services, redirecting all HTTP traffic to HTTPS. Enabling HTTPS Only traffic will redirect all non-secure HTTP requests to HTTPS. HTTPS uses the SSL/TLS protocol to provide a secure connection.
About the Service
App Services: The app services at azure offers to host web applications, the REST API and backend services for mobile and web applications. Hosting web apps on Azure lets users focus on managing the application and its data.
Impact
As the HTTP protocol is not secured, the communication between the user and the application will always be prone to passive attacks which may further change to active attacks because the exchange will not be encrypted. Using HTTPS protocol not only will help in securing the sensitive information of your application users but the google rank for your web app or website will be relatively higher than the sites using the HTTP protocol.
Steps to Reproduce
Log in to the Azure portal.Click on App Services.
Steps for Remediation
- Log in to the Azure portal.
- Click on App Services.
- Select an App Service plan from the listed apps.
- Click on TLS/SSL settings under the Settings section.
- Select the ‘On’ option in front of HTTPS Only and you are all set.
- Repeat the steps for the rest of the applications as well where the TLS version is not set to the latest.
Please feel free to reach out to support@pingsafe.ai with any questions that you may have.
Thanks
PingSafe Support