Web App Accepting Traffic Other Than HTTPS

  • Query id: eb8c2560-8bee-4248-9d0d-e80c8641dd91
  • Query name: Web App Accepting Traffic Other Than HTTPS
  • Platform: Ansible
  • Severity: High
  • Category: Insecure Configurations
  • URL: Github

Description

Web app should only accept HTTPS traffic in Azure Web App Service.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - yaml file
- name: Create a windows web app with non-exist app service plan
  azure_rm_webapp:
    resource_group: myResourceGroup
    name: myWinWebapp
    https_only: false
    plan:
      resource_group: myAppServicePlan_rg
      name: myAppServicePlan
      is_linux: false
      sku: S1
- name: Create another windows web app
  azure_rm_webapp:
    resource_group: myResourceGroup
    name: myWinWebapp
    plan:
      resource_group: myAppServicePlan_rg
      name: myAppServicePlan
      is_linux: false
      sku: S1

Code samples without security vulnerabilities

Negative test num. 1 - yaml file
- name: Create a windows web app with non-exist app service plan
  azure_rm_webapp:
    resource_group: myResourceGroup
    name: myWinWebapp
    https_only: true
    plan:
      resource_group: myAppServicePlan_rg
      name: myAppServicePlan
      is_linux: false
      sku: S1