Azure Application Gateway listener(s) with insecure protocol for trusted certificates

Network misconfigurations

Azure Application Gateway listener(s) with insecure protocol for trusted certificates

Risk Level

Informational (4)

Platform(s)

Compliance Frameworks

Brazilian General Data Protection (LGPD)
CCM-CSA
CCPA
cis_8
CPRA
hdh
ISO 27701
ISO/IEC 27001
Microsoft Cloud Security Benchmark
New Zealand Information Security Manual
NIST 800-171
NIST 800-53
PDPA
UK Cyber Essentials

Description

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications, offering various Layer 7 load-balancing capabilities. TLS (Transport Layer Security)/SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and encrypted. The Azure Application Gateway - {AzureApplicationGateway} has a listener(s) without SSL enabled, for example - {AzureApplicationGateway.HttpListeners.Name}. For more information about SSL with Azure Application Gateway - https://docs.microsoft.com/en-us/azure/application-gateway/ssl-overview

Recommended Mitigation

It is recommended to review the Azure Application Gateway configuration and if needed enable HTTPS/SSL. For more information - <a href="https://docs.microsoft.com/en-us/azure/application-gateway/create-ssl-portal." target="_blank" rel="noopener noreferrer">https://docs.microsoft.com/en-us/azure/application-gateway/create-ssl-portal.</a>

Azure Application Gateway listener(s) with insecure protocol for trusted certificates

Description

Need help?

CLOUD SECURITY PLATFORM

TECHNOLOGY ECOSYSTEM

By Solution

By Industry

COMPARISONS