Plugin Title LB HTTPS Only
Cloud AZURE
Category Load Balancer
Description Ensures load balancers are configured to only accept connections on HTTPS ports
More Info For maximum security, load balancers can be configured to only accept HTTPS connections. Standard HTTP connections will be blocked. This should only be done if the client application is configured to query HTTPS directly and not rely on a redirect from HTTP.
AWS Link https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-overview
Recommended Action Ensure that each load balancer only accepts connections on port 443.


Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the "Search resources, services, and docs" option at the top and search for Load balancers.
  3. Select the "Load balancer" by clicking on the "Name" as a link which needs to be configured only to accept connections on HTTPS ports.
  4. On the "load balancer" page, scroll down the left navigation panel and choose the "Load balancing rules" option under "Settings".
  5. On the "Load balancing rules" page if the "Load balancing rule" is showing as "TCP/80" then the selected "Load balancer" is configured to accept connections on HTTP ports.
  6. Repeat steps number 2 - 5 to verify other "Load balancers" in the account.
  7. Navigate to "Load Balancer", select the "Load balancer" by clicking on the "Name" as a link, scroll down the left navigation panel and choose "Load balancing rule."
  8. On the "Load balancing rule" page click on the "Name" as a link to access the configuration changes.
  9. Scroll down the "Load balancing rule" page and select the "Port" and "Backend Port" as 443 and save the changes.
  10. Repeat the steps number 7 - 9 to ensure that each load balancer only accepts connections on port 443.

Want to scan for this risk automatically?

Get Started Now