Control: Web Application should only be accessible over HTTPS
Description
Use of HTTPS ensures server/service authentication and protects data in transit from network layer eavesdropping attacks.
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.appservice_web_app_use_httpsSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.appservice_web_app_use_https --shareSQL
This control uses a named query:
select app.id as resource, case when not https_only then 'alarm' else 'ok' end as status, case when not https_only then name || ' does not redirect all HTTP traffic to HTTPS.' else name || ' redirects all HTTP traffic to HTTPS.' end as reason , app.resource_group as resource_group , sub.display_name as subscriptionfrom azure_app_service_web_app as app, azure_subscription as subwhere sub.subscription_id = app.subscription_id;