MEDIUM
Source: CloudSploit
ID: lb-https-only

LB HTTPS Only

Ensures load balancers are configured to only accept connections on HTTPS ports

For maximum security, load balancers can be configured to accept only HTTPS connections, so that standard HTTP connections are blocked. This should only be done if the client application is configured to query HTTPS directly and does not rely on a redirect from HTTP.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Microsoft Azure Management Console.

  2. In the search bar at the top, search for “Load balancers” and select “Load balancer” from the results.

  3. Click the “Name” link of the load balancer that needs to be configured to accept HTTPS connections only.

  4. On the load balancer page, scroll down the left navigation panel and choose the “Load balancing rules” option under “Settings”.

  5. On the “Load balancing rules” page, if a load balancing rule is shown as “TCP/80”, the selected load balancer is configured to accept connections on HTTP ports.

  6. Click the triple dots (…) at the end of the HTTP rule row and click “Delete”.

  7. Click “Yes” in the confirmation box that opens.

  8. Repeat steps 3 - 7 to ensure that each load balancer only accepts HTTPS connections on port 443.
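
A read-only check for the condition in steps 5 and 8, as an added example (not CloudSploit's code and not part of the original page): it scans load balancer JSON in the shape assumed for `az network lb list -o json` and reports every load balancing rule that is not TCP/443. It goes beyond TCP/80 to any non-443 rule, and treating a load balancer with no rules as passing is this example's choice; the sample data and all names in it are constructed.

```python
import json

HTTPS_PORT = 443

# Constructed sample in the shape assumed for `az network lb list -o json`
# (only the fields this check reads); all names are made up.
SAMPLE = json.loads("""
[
  {"name": "lb-web", "resourceGroup": "rg-prod", "loadBalancingRules": [
    {"name": "http",  "protocol": "Tcp", "frontendPort": 80,  "backendPort": 80},
    {"name": "https", "protocol": "Tcp", "frontendPort": 443, "backendPort": 443}]},
  {"name": "lb-api", "resourceGroup": "rg-prod", "loadBalancingRules": [
    {"name": "https", "protocol": "Tcp", "frontendPort": 443, "backendPort": 8443}]},
  {"name": "lb-ha", "resourceGroup": "rg-int", "loadBalancingRules": [
    {"name": "ha-ports", "protocol": "All", "frontendPort": 0, "backendPort": 0}]},
  {"name": "lb-empty", "resourceGroup": "rg-int", "loadBalancingRules": []}
]
""")


def non_https_rules(load_balancers):
    """Return one finding per load balancing rule that is not TCP/443."""
    findings = []
    for lb in load_balancers:
        # A missing or null rule list means there is nothing to flag.
        for rule in lb.get("loadBalancingRules") or []:
            port = rule.get("frontendPort")
            proto = (rule.get("protocol") or "").lower()
            if proto == "tcp" and port == HTTPS_PORT:
                continue
            findings.append({
                "resourceGroup": lb.get("resourceGroup"),
                "loadBalancer": lb.get("name"),
                "rule": rule.get("name"),
                "listener": f"{proto.upper()}/{port}",
            })
    return findings


def summarize(load_balancers):
    """Map each load balancer name to PASS or FAIL."""
    failed = {f["loadBalancer"] for f in non_https_rules(load_balancers)}
    return {lb["name"]: ("FAIL" if lb["name"] in failed else "PASS")
            for lb in load_balancers}


if __name__ == "__main__":
    for f in non_https_rules(SAMPLE):
        print("{resourceGroup}/{loadBalancer}: rule {rule} on {listener}".format(**f))
```

Each reported rule corresponds to a row that step 6 would delete; rules matching protocol “All” are reported because they are not limited to port 443.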