Ensure that your Azure App Service web applications redirect all non-secure HTTP traffic to HTTPS in order to encrypt the communication between applications and web clients. HTTPS uses the Secure Sockets Layer (SSL)/Transport Layer Security (TLS) protocol to provide a secure connection, which is both encrypted and authenticated. This adds an extra layer of security to the HTTP requests made to the web application.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Enforcing HTTPS-only traffic for your Azure App Service applications, can guarantee that the encrypted traffic between the web application servers and the application clients cannot be decrypted by malicious users in case they are able to intercept packets sent across the Internet.
To determine if your Azure App Service web apps are configured to implement HTTPS-only traffic, perform the following actions:
Remediation / Resolution
To enforce HTTPS-only traffic for your Microsoft Azure App Service web applications in order to redirect all HTTP traffic to HTTPS (Secure HTTP), perform the following actions:
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable HTTPS-Only Traffic
Risk level: Medium