Ensure the Function App can only be accessed via HTTPS. The default is false.
| Property | Value |
|---|---|
| Language | |
| Severity | |
| Service | appservice |
| Provider | Azure |
| Vulnerability Type | omission |
Description
The Function App is configured to accept connections over both HTTP and HTTPS, allowing unencrypted traffic by default. This exposes sensitive data to interception because HTTP does not encrypt communication between clients and the app.
Impact
Allowing HTTP access enables attackers to intercept, read, or modify data in transit, potentially leading to credential theft, data leakage, and unauthorized access. This compromises the security and confidentiality of the application and its users.
Resolution
Configure the Function App to redirect all HTTP requests to the HTTPS port, so that it can only be accessed via HTTPS.
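One way to check for this omission before deployment, as an added example that is not part of the original page or of any scanner's own code: a small audit over an ARM template that flags Function Apps whose `httpsOnly` property is missing or false. It assumes the list form of the template's `resources` section, the `Microsoft.Web/sites` resource type with a `kind` containing `functionapp`, and a constructed sample template; the function names are hypothetical.

```python
import json

# Constructed ARM template fragment (sample input, not from a real deployment).
SAMPLE_TEMPLATE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Web/sites", "name": "func-omitted",
     "kind": "functionapp", "properties": {}},
    {"type": "Microsoft.Web/sites", "name": "func-explicit-false",
     "kind": "functionapp,linux", "properties": {"httpsOnly": false}},
    {"type": "Microsoft.Web/sites", "name": "func-hardened",
     "kind": "functionapp", "properties": {"httpsOnly": true}},
    {"type": "Microsoft.Web/sites", "name": "func-param",
     "kind": "functionapp",
     "properties": {"httpsOnly": "[parameters('enforceHttps')]"}},
    {"type": "Microsoft.Storage/storageAccounts", "name": "stor1",
     "properties": {}}
  ]
}
""")

def iter_resources(resources):
    """Yield every resource, including nested child resources."""
    for res in resources or []:
        yield res
        yield from iter_resources(res.get("resources"))

def is_function_app(res):
    kinds = (res.get("kind") or "").lower().split(",")
    return res.get("type", "").lower() == "microsoft.web/sites" and "functionapp" in kinds

def audit_https_only(template):
    """Return (name, reason) for each Function App not pinned to HTTPS-only."""
    findings = []
    for res in iter_resources(template.get("resources")):
        if not is_function_app(res):
            continue
        value = (res.get("properties") or {}).get("httpsOnly")
        if value is True:
            continue  # HTTP requests are redirected to HTTPS
        if value is None:
            reason = "httpsOnly omitted (defaults to false)"
        elif isinstance(value, str) and value.startswith("["):
            reason = "httpsOnly is a template expression; verify the resolved value"
        else:
            reason = f"httpsOnly is {value!r}"
        findings.append((res.get("name"), reason))
    return findings

if __name__ == "__main__":
    for name, reason in audit_https_only(SAMPLE_TEMPLATE):
        print(f"{name}: {reason}")
```

Treating an unresolved template expression as a finding keeps the check conservative: the value is only known once parameters are supplied at deployment time.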