The web application has http traffic allowed

ID

azure_https_web_app

Severity

critical

Vendor

Azure

Resource

Encryption

Tags

reachable

Description

The web application has http traffic allowed. To allow only the https traffic the property https_only must be true.

Learn more about this topic at Azure web application https traffic.

Examples

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create a windows web app with non-exist app service plan
      azure_rm_webapp:
        resource_group: myResourceGroup
        name: myWinWebapp
        https_only: False
        plan:
          resource_group: myAppServicePlan_rg
          name: myAppServicePlan
          is_linux: false
          sku: S1

Mitigation / Fix

---
- name: Example playbook
  hosts: localhost
  tasks:
    - name: Create a windows web app with non-exist app service plan
      azure_rm_webapp:
        resource_group: myResourceGroup
        name: myWinWebapp
        https_only: True
        plan:
          resource_group: myAppServicePlan_rg
          name: myAppServicePlan
          is_linux: false
          sku: S1