Ensure HTTPS is enabled for Azure Linux Function App

MEDIUM

Description

The Azure Linux Function App allows plain HTTP access, which may lead to man-in-the-middle (MiTM) and a host of other attacks.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Function App.
  2. Choose the Function App you wish to edit.
  3. Under Settings, select Configuration, then the General Settings tab.
  4. Set HTTPS Only to on.

In Terraform -

  1. In the azurerm_linux_function_app resource, set https_only to true.

References:
https://learn.microsoft.com/en-us/azure/azure-functions/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/linux_function_app#https_only

Policy Details

Rule Reference ID: AC_AZURE_0114
CSP: Azure
Remediation Available: Yes
Resource Category: Serverless
Resource Type: Function App

Frameworks