Ensure compression is enabled for Azure CDN Endpoint

MEDIUM

Description

Keeping compression disabled for CDN will make the application slow, which will end up hogging more network resources.

Remediation

Compression cannot be specifically enabled or disabled in the Azure Console, however to optimize for larger file downloads there are several options. General Azure CDN functionality with General Web Content optimization will be configured by default to provide large files with various methods for ensuring complete delivery without file size limitations. For optimizing CDN from Akamai profiles, see the Azure documentation. To create an optimized endpoint profile, see the steps below.

In Azure Console -

Open the Azure Portal and go to Front Door and CDN profiles.
Select the CDN you wish to edit.
Under Overview, create a new Endpoint.
Ensure that the Optimized for field states General Web Content.

In Terraform -

In the azurerm_cdn_endpoint resource, set is_compression_enabled to true.

References:
https://learn.microsoft.com/en-us/azure/cdn/cdn-optimization-overview#large-file-download
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cdn_endpoint

Policy Details

Rule Reference ID: AC_AZURE_0198

CSP: Azure

Remediation Available: Yes

Domain: Resilience

Resource: azurerm_cdn_endpoint

Resource Category: Virtual Network

Resource Type: CDN Endpoint

Frameworks

GDPR
NIST-800-171
NIST-800-53
NIST-CSF
HIPAA

Detections

Analytics