To remediate the misconfiguration of Cloud CDN Global Urlmaps accepting only HTTPS connections in GCP using GCP CLI, follow the below steps:Step 1: Open the Google Cloud Console and select the project where the Cloud CDN is configured.Step 2: Open the Cloud Shell by clicking on the icon in the top right corner of the console.Step 3: Run the following command to list all the existing URL maps in the project:
Copy
Ask AI
gcloud compute url-maps list
Step 4: Identify the URL map that needs to be remediated.Step 5: Run the following command to update the URL map to accept only HTTPS connections:
Replace [URL_MAP_NAME] with the name of the URL map that needs to be updated and [BACKEND_SERVICE_NAME] with the name of the backend service associated with the URL map.Step 6: Verify that the URL map has been updated successfully by running the following command:
Copy
Ask AI
gcloud compute url-maps describe [URL_MAP_NAME]
This command should return the updated URL map configuration, which should include the “sslPolicy” field set to “global-ssl-policy”.By following these steps, you can remediate the misconfiguration of Cloud CDN Global Urlmaps accepting only HTTPS connections in GCP using GCP CLI.
Using Python
To remediate the misconfiguration “Cloud CDN Global Urlmaps Should Accept Https Connections Only” for GCP using Python, you can follow the below steps:
For each URL map, check if it has an HTTPS forwarding rule:
Copy
Ask AI
for url_map in url_maps: https_forwarding_rule = None for forwarding_rule in url_map.host_rules[0].path_matchers[0].route_rules[0].forward_action.https_redirect.action: if forwarding_rule.https_redirect: https_forwarding_rule = forwarding_rule break if not https_forwarding_rule: print(f'URL map "{url_map.name}" does not have an HTTPS forwarding rule')
If a URL map does not have an HTTPS forwarding rule, update it:
Copy
Ask AI
for url_map in url_maps: https_forwarding_rule = None for forwarding_rule in url_map.host_rules[0].path_matchers[0].route_rules[0].forward_action.https_redirect.action: if forwarding_rule.https_redirect: https_forwarding_rule = forwarding_rule break if not https_forwarding_rule: url_map.host_rules[0].path_matchers[0].route_rules[0].forward_action.https_redirect.action.append( cdn_v1beta1.HttpsRedirectAction()) client.update_url_map(url_map=url_map, update_mask=['host_rules.path_matchers.route_rules.forward_action.https_redirect.action']) print(f'URL map "{url_map.name}" has been updated to only accept HTTPS connections')
By following these steps, you can remediate the misconfiguration “Cloud CDN Global Urlmaps Should Accept Https Connections Only” for GCP using Python.