Ensure HTTPS is enabled for Azure Windows Function App

MEDIUM

Description

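The Azure Windows Function App accepts plain HTTP connections. Unencrypted traffic to the app can be intercepted or modified in transit, which may lead to man-in-the-middle (MiTM) and a host of other attacks.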

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Function App.
  2. Choose the Function App you wish to edit.
  3. Under Settings, select Configuration, then the General Settings tab.
  4. Set HTTPS Only to on.

In Terraform -

  1. In the azurerm_windows_function_app resource, set https_only to true.

References:
https://learn.microsoft.com/en-us/azure/azure-functions/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_function_app#https_only

Policy Details

Rule Reference ID: AC_AZURE_0121
CSP: Azure
Remediation Available: Yes
Resource Category: Serverless
Resource Type: Function App

Frameworks