HTTP Port Open To Internet
- Query id: ffac8a12-322e-42c1-b9b9-81ff85c39ef7
- Query name: HTTP Port Open To Internet
- Platform: Terraform
- Severity: High
- Category: Networking and Firewall
- URL: Github
Description¶
The HTTP port is open to the internet in a Security Group
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Postitive test num. 1 - tf file
resource "aws_security_group" "positive1" {
name = "http_positive_tcp_1"
description = "Gets the HTTP port open with the tcp protocol"
ingress {
description = "HTTP port open"
from_port = 78
to_port = 91
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_security_group" "positive2" {
name = "http_positive_tcp_2"
description = "Gets the HTTP port open with the tcp protocol"
ingress {
description = "HTTP port open"
from_port = 60
to_port = 85
protocol = "tcp"
cidr_blocks = ["0.0.0.2/0"]
}
ingress {
description = "HTTP port open"
from_port = 65
to_port = 81
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "aws_security_group" "negative1" {
name = "negative_http"
description = "Doesn't get the HTTP port open"
}
resource "aws_security_group" "negative2" {
ingress {
from_port = 70
to_port = 81
protocol = "tcp"
}
}
resource "aws_security_group" "negative3" {
ingress {
from_port = 79
to_port = 100
protocol = "tcp"
cidr_blocks = ["0.1.0.0/0"]
}
}