Ensure HTTPS is enabled for Azure Function App

MEDIUM

Description

Azure Function App can be configured to require HTTPS for all access to the function. This is considered best practice and can help protect sensitive data in transit. Using HTTPS for communication is also often required by compliance frameworks and regulations.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Function App.
  2. Choose the Function App you wish to edit.
  3. Under Settings, select TLS/SSL Settings.
  4. Under Protocol Settings, set HTTPS Only to on.

In Terraform -
For Azure Provider versions prior to v4.x (the azurerm_function_app resource is deprecated in favor of the azurerm_linux_function_app and azurerm_windows_function_app resources):

  1. In the azurerm_function_app resource, set https_only to true.

References:
https://learn.microsoft.com/en-us/azure/azure-functions/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/function_app#https_only

Policy Details

Rule Reference ID: AC_AZURE_0178
CSP: Azure
Remediation Available: Yes
Resource Category: Serverless
Resource Type: Function App

Frameworks