Triage and Remediation
Remediation
Using Console
To remediate the HTTPS Traffic Only misconfiguration in Azure using the Azure console, follow these steps:
- Log in to your Azure portal and navigate to the virtual machine that you want to remediate.
- Click on the “Networking” tab, and then click on the “Add inbound port rule” button.
- In the “Add inbound security rule” window, specify the following details:
  - Name: A descriptive name for the rule
  - Priority: A unique number to prioritize the rule
  - Protocol: Select “TCP”
  - Port range: Specify “443”
  - Action: Select “Allow”
  - Source: Select “Any” or specify the specific IP addresses or ranges that you want to allow
- Click on the “Add” button to create the rule.
- Repeat steps 2-4 for all the virtual machines in your Azure environment that require HTTPS traffic.
- Verify that HTTPS traffic is now allowed by accessing the virtual machine using HTTPS.
Using CLI
To remediate the HTTPS Traffic Only misconfiguration in Azure using the Azure CLI, follow these steps:
- Open the Azure CLI in your terminal or command prompt.
- Run the following command to get the name of the network security group (NSG) associated with the virtual machine (VM) that needs to be configured:
  Note: Replace <resource-group-name> and <vm-name> with the actual names of your resource group and VM respectively.
- Run the following command to get the name of the NSG rule that allows HTTP traffic:
  Note: Replace <resource-group-name> and <nsg-name> with the actual names of your resource group and NSG respectively.
- Run the following command to delete the NSG rule that allows HTTP traffic:
  Note: Replace <resource-group-name>, <nsg-name> and <nsg-rule-name> with the actual names of your resource group, NSG and NSG rule respectively.
- Run the following command to add a new NSG rule that allows only HTTPS traffic:
  Note: Replace <resource-group-name> and <nsg-name> with the actual names of your resource group and NSG respectively.
- Verify that the NSG rule has been added successfully by running the following command:
  Note: Replace <resource-group-name> and <nsg-name> with the actual names of your resource group and NSG respectively.
- Verify that the VM is now accessible only over HTTPS by trying to access it over HTTP. If the remediation was successful, the connection should be refused.
Using Python
To remediate the HTTPS traffic only misconfiguration in Azure using Python, you can follow these steps:
- Import the necessary libraries:
- Set up the credentials to authenticate with Azure:
- Instantiate the NetworkManagementClient:
- Get the network security group (NSG) that needs to be modified:
- Create a new security rule to allow HTTPS traffic only:
- Update the NSG with the new security rule:
- Verify that the NSG has been updated with the new security rule:
Note: Make sure to replace the placeholders (<subscription_id>, <client_id>, <client_secret>, <tenant_id>, <nsg_name>, and <nsg_resource_group>) with the actual values for your Azure environment.
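The verification step can also be run offline against an exported rule list. The following is an added example, not code from the original page: it assumes the NSG rules were saved as JSON in the shape `az network nsg rule list` produces, uses constructed sample rules, and only evaluates rules whose source is any address. It walks the rules in priority order, so a broad range such as `80-443` that still admits HTTP is caught, and a higher-priority deny is honoured.

```python
import json

# Constructed sample in the shape of `az network nsg rule list -o json` output.
SAMPLE_RULES = json.loads("""[
 {"name": "allow-web", "priority": 300, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "80-443"},
 {"name": "deny-http", "priority": 200, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "Internet", "destinationPortRanges": ["80", "8080"]},
 {"name": "allow-ssh-admin", "priority": 100, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "203.0.113.10", "destinationPortRange": "22"}
]""")

BROAD_SOURCES = {"*", "Internet", "0.0.0.0/0"}  # assumption: only any-source rules are evaluated


def covers(rule, port):
    """True if the rule's destination port range(s) include `port`."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    for r in ranges:
        low, _, high = ("0-65535" if r == "*" else r).partition("-")
        if int(low) <= port <= int(high or low):
            return True
    return False


def effective_access(rules, port):
    """Return (access, rule_name) for inbound TCP `port` from an arbitrary Internet source."""
    inbound = [r for r in rules
               if r["direction"] == "Inbound"
               and r["protocol"].lower() in ("tcp", "*")
               and r.get("sourceAddressPrefix") in BROAD_SOURCES]
    # NSG rules are processed in priority order; the lowest number wins.
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if covers(rule, port):
            return rule["access"], rule["name"]
    # No custom rule matched: the default DenyAllInBound rule applies.
    return "Deny", "DenyAllInBound (default)"


def https_only(rules):
    """HTTPS-only: 443 is allowed and 80 is not."""
    return (effective_access(rules, 443)[0] == "Allow"
            and effective_access(rules, 80)[0] != "Allow")


if __name__ == "__main__":
    print({p: effective_access(SAMPLE_RULES, p) for p in (80, 443)}, https_only(SAMPLE_RULES))
```

Rules restricted to specific source addresses are skipped by this check, so review those separately if HTTP must be closed to every client.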