Ensure Azure web app redirects all HTTP traffic to HTTPS in Azure App Service Slot

Error: Azure web app does not redirect all HTTP traffic to HTTPS in Azure App Service Slot

Bridgecrew Policy ID: BC_AZR_NETWORKING_50
Checkov Check ID: CKV_AZURE_153
Severity: LOW

Azure web app does not redirect all HTTP traffic to HTTPS in Azure App Service Slot

Description

Redirecting all HTTP traffic to HTTPS for your Azure web app in the App Service slot can help improve the security of your app. HTTPS is a secure protocol that encrypts data in transit, and using it can help prevent attackers from intercepting and reading your data.

Fix - Runtime

Fix - Buildtime

Terraform

  • Resource: azurerm_app_service_slot
  • Argument: https_only (true is default)
resource "azurerm_app_service_slot" "pass" {
  name                = random_id.server.hex
  app_service_name    = azurerm_app_service.example.name
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id

  https_only = true #thedefault
  min_tls_version="1.1" #the default is 1.2
  remote_debugging_enabled=true #default is false

  site_config {
    dotnet_framework_version = "v4.0"
  }

  app_settings = {
    "SOME_KEY" = "some-value"
  }

  connection_string {
    name  = "Database"
    type  = "SQLServer"
    value = "Server=some-server.mydomain.com;Integrated Security=SSPI"
  }
}