Description
The Azure Windows Function App allows HTTP access, which may lead to man-in-the-middle (MiTM) and a host of other attacks.
Remediation
In Azure Console -
- Open the Azure Portal and go to Function App.
- Choose the Function App you wish to edit.
- Under Settings, select Configuration, then the General Settings tab.
- Set HTTPS Only to on.
In Terraform -
- In the azurerm_windows_function_app resource, set https_only to true.
References:
https://learn.microsoft.com/en-us/azure/azure-functions/
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/windows_function_app#https_only
Policy Details
Rule Reference ID: AC_AZURE_0121
CSP: Azure
Remediation Available: Yes
Domain: Infrastructure Security
Resource: azurerm_windows_function_app
Resource Category: Serverless
Resource Type: Function App