Web App Accepting Traffic Other Than HTTPS
- Query id: 11e9a948-c6c3-4a0f-8dcf-b5cf1763cdbe
- Query name: Web App Accepting Traffic Other Than HTTPS
- Platform: Terraform
- Severity: Medium
- Category: Insecure Configurations
- CWE: 319
- Risk score: 6.8
- URL: Github
Description¶
Web app should only accept HTTPS traffic in Azure Web App Service.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "azurerm_app_service" "positive1-1" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
}
https_only = false
}
resource "azurerm_app_service" "positive1-2" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
}
}
Positive test num. 2 - tf file
resource "azurerm_linux_web_app" "positive2-1" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
service_plan_id = azurerm_linux_web_app_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
}
https_only = false
}
resource "azurerm_linux_web_app" "positive2-2" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
service_plan_id = azurerm_linux_web_app_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
}
}
Positive test num. 3 - tf file
resource "azurerm_windows_web_app" "positive3-1" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
service_plan_id = azurerm_windows_web_app_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
}
https_only = false
}
resource "azurerm_windows_web_app" "positive3-2" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
service_plan_id = azurerm_windows_web_app_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
}
}
Code samples without security vulnerabilities¶
Negative test num. 1 - tf file
resource "azurerm_app_service" "negative1" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
}
https_only = true
}
Negative test num. 2 - tf file
resource "azurerm_linux_web_app" "negative2" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
service_plan_id = azurerm_app_service_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
}
https_only = true
}
Negative test num. 3 - tf file
resource "azurerm_windows_web_app" "negative3" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
service_plan_id = azurerm_app_service_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
}
https_only = true
}