Vulnerabilities
Misconfiguration
Runtime Security
Compliance
Azure > Load Balancer >

LB HTTPS Only

MEDIUM
Source
CloudSploit
ID
lb-https-only
management console

LB HTTPS Only

Ensures load balancers are configured to only accept connections on HTTPS ports

For maximum security, load balancers can be configured to only accept HTTPS connections. Standard HTTP connections will be blocked. This should only be done if the client application is configured to query HTTPS directly and not rely on a redirect from HTTP.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log into the Microsoft Azure Management Console.

  2. In the search bar at the top search for Load balancers and select the “Load balancer” from the results. Step

  3. Select the “Load balancer” by clicking on the “Name” link that needs to be configured to accept HTTPS connections only. Step

  4. On the “load balancer” page, scroll down the left navigation panel and choose the “Load balancing rules” option under “Settings”.Step

  5. On the “Load balancing rules” page if the “Load balancing rule” is showing as “TCP/80” then the selected “Load balancer” is configured to accept connections on HTTP ports.Step

  6. Click on the triple dots (…) at the end of HTTP rule row and click on “Delete”.Step

  7. Click “Yes” in the confirmation box that opens.Step

  8. Repeat the step number 3 - 7 to ensure that each load balancer only accepts HTTPS connections on port 443.

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use