Ensure end-to-end TLS is enabled to encrypt and securely transmit sensitive data to the backend for Azure Application Gateway

MEDIUM

Description

Enabling end-to-end TLS encryption keeps data protected in transit on both legs of the connection: from the client to the gateway and from the gateway to the backend. In addition, using the latest version of TLS and modern ciphers helps protect data in transit from man-in-the-middle and similar attacks.

Remediation

In Azure Console -

  1. Open the Azure Portal and go to Application Gateways.
  2. Select the gateway you wish to edit.
  3. Select HTTP settings (Azure creates some default settings for you).
  4. Under Protocol, select HTTPS and follow the rest of the prompts to create or select a certificate.

In terraform -

  1. In the azurerm_application_gateway resource, set the value of 'protocol' in 'http_listener' and 'backend_http_settings' to 'https'.
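The following is an added example of a compliant `azurerm_application_gateway` configuration; it is not taken from the policy page or from the Terraform provider documentation. Resource names, the `var.*` references (assumed to be declared elsewhere) and the certificate file paths are placeholders. Note that the azurerm provider expects the capitalised values `"Http"` and `"Https"` for `protocol`; the non-compliant value for both blocks is shown in the comments beside the compliant one.

```hcl
# Added example: end-to-end TLS on an Azure Application Gateway (Terraform azurerm provider).
# Names, var.* references and certificate paths are hypothetical placeholders.

resource "azurerm_application_gateway" "example" {
  name                = "appgw-e2e-tls" # hypothetical
  resource_group_name = "rg-example"    # hypothetical
  location            = "eastus"

  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "gw-ipcfg"
    subnet_id = var.appgw_subnet_id # assumed to be declared elsewhere
  }

  frontend_ip_configuration {
    name                 = "fe-ip"
    public_ip_address_id = var.appgw_public_ip_id # assumed to be declared elsewhere
  }

  frontend_port {
    name = "fe-port-443"
    port = 443
  }

  backend_address_pool {
    name = "backend-pool"
  }

  # Frontend leg: the listener terminates TLS with the gateway's own server certificate.
  ssl_certificate {
    name     = "frontend-cert"
    data     = filebase64("certs/frontend.pfx") # placeholder path
    password = var.frontend_pfx_password        # assumed to be declared elsewhere
  }

  http_listener {
    name                           = "https-listener"
    frontend_ip_configuration_name = "fe-ip"
    frontend_port_name             = "fe-port-443"
    protocol                       = "Https" # non-compliant (plaintext) value would be "Http"
    ssl_certificate_name           = "frontend-cert"
  }

  # Backend leg: the gateway re-encrypts to the backend and validates the backend's
  # certificate against this trusted root (needed on v2 SKUs when the backend
  # certificate is not issued by a publicly trusted CA).
  trusted_root_certificate {
    name = "backend-root-ca"
    data = filebase64("certs/backend-root-ca.cer") # placeholder path
  }

  backend_http_settings {
    name                                = "https-settings"
    cookie_based_affinity               = "Disabled"
    port                                = 443
    protocol                            = "Https" # non-compliant (plaintext) value would be "Http"
    request_timeout                     = 30
    pick_host_name_from_backend_address = true
    trusted_root_certificate_names      = ["backend-root-ca"]
  }

  request_routing_rule {
    name                       = "rule-https"
    rule_type                  = "Basic"
    priority                   = 100
    http_listener_name         = "https-listener"
    backend_address_pool_name  = "backend-pool"
    backend_http_settings_name = "https-settings"
  }

  # Protocol and cipher baseline: a predefined policy that enforces TLS 1.2 as the minimum.
  ssl_policy {
    policy_type = "Predefined"
    policy_name = "AppGwSslPolicy20220101"
  }
}
```

Before applying, review the `terraform plan` output and confirm that `protocol` reads `"Https"` in every `http_listener` and `backend_http_settings` block; a single `"Http"` backend setting still leaves that leg of the path in plaintext and would be flagged by this rule.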

References:
https://learn.microsoft.com/en-us/azure/application-gateway/end-to-end-ssl-portal
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/application_gateway

Policy Details

Rule Reference ID: AC_AZURE_0188
CSP: Azure
Remediation Available: Yes
Resource Category: Virtual Network
Resource Type: Application Gateway

Frameworks