Test 269: Azure App Service Web App Redirects HTTP Traffic to HTTPS

Drata validates that Web Apps in Azure App Service redirect non-secure HTTP traffic to HTTPS.

Updated over a month ago

Enabling HTTPS-only traffic will redirect all non-secure HTTP requests to HTTPS ports. HTTPS uses the TLS/SSL protocol to provide a secure connection which is both encrypted and authenticated. It is therefore important to support HTTPS for the security benefits.

Note: Only available for Azure.

ASSOCIATED DRATA CONTROL

This test is part of the Encryption in Transit control (DCF-55) that ensures data in transit is encrypted using strong cryptographic algorithms.

WHAT TO DO IF A TEST FAILS

If Drata finds that one or more Web Apps do not redirect all HTTP traffic to HTTPS in Azure App Service, the test will fail. Enabling HTTPS-only traffic will redirect all non-secure HTTP requests to HTTPS ports. HTTPS uses the TLS/SSL protocol to provide a secure connection which is both encrypted and authenticated. It is therefore important to support HTTPS for the security benefits.

STEPS TO REMEDIATE

  1. Go to 'App Services'.

  2. Click on a failing Web App.

  3. Click on 'Configuration'.

  4. Under the 'HTTPS Only' heading, select 'On' to enable HTTPS only.

  5. Click 'Save' at the top.

  6. Repeat for each failing Web App.
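
The same remediation can be scripted with the Azure CLI when many Web Apps fail. The script below is an added example, not Drata's own tooling; it assumes a logged-in `az` session with rights to update the apps, and the function names and the sample inventory are constructed for illustration. Run without arguments it only prints the planned commands for the constructed sample.

```shell
#!/bin/sh
# Added example (not Drata's code): find Web Apps without 'HTTPS Only'
# and enable it with the Azure CLI.
TAB=$(printf '\t')

# Constructed sample inventory: name, resource group, httpsOnly (tab-separated),
# the same column order that list_apps requests from the CLI.
SAMPLE_INVENTORY=$(printf '%s\t%s\t%s\n' \
  shop-frontend rg-prod False \
  billing-api rg-prod True \
  legacy-portal rg-dev false)

# Live inventory of the Web Apps in the current subscription.
list_apps() {
  az webapp list --query '[].[name, resourceGroup, httpsOnly]' -o tsv
}

# stdin: inventory rows. stdout: "name<TAB>group" for each failing app.
# Any value other than true (compared case-insensitively) counts as failing.
failing_apps() {
  awk -F'\t' 'NF >= 2 && tolower($3) != "true" { print $1 "\t" $2 }'
}

# stdin: failing apps. Prints the fix unless called with --apply.
remediate() {
  mode=$1
  while IFS="$TAB" read -r name group; do
    if [ "$mode" = "--apply" ]; then
      az webapp update --name "$name" --resource-group "$group" \
        --https-only true --output none
    else
      printf "az webapp update --name '%s' --resource-group '%s' --https-only true\n" \
        "$name" "$group"
    fi
  done
}

case "${1:-}" in
  --apply)   list_apps | failing_apps | remediate --apply ;;
  --dry-run) list_apps | failing_apps | remediate --dry-run ;;
  *)         printf '%s\n' "$SAMPLE_INVENTORY" | failing_apps | remediate --dry-run ;;
esac
```

Use `--dry-run` to review the commands for the live subscription before running with `--apply`.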

Center for Internet Security (CIS)

This is a test that aligns with the Center for Internet Security’s (CIS) benchmarks for Microsoft Azure, providing prescriptive guidance to establish a secure baseline configuration for Azure environments. These benchmarks are developed through a global, consensus-driven process involving cybersecurity experts to help organizations strengthen their defenses against potential threats in the cloud.
