Cloud CDN Global Urlmaps Should Accept Https Connections Only
More Info:
Cloud CDN global url maps should be configured to block HTTP connection and allow only HTTPS connections.Risk Level
HighAddress
SecurityCompliance Standards
GDPR, PCIDSS, NIST, HITRUST, NISTCSF, SOC2Triage and Remediation
Remediation
Using Console
Using Console
To remediate this misconfiguration for GCP using the GCP console, follow these steps:
- Open the GCP console and navigate to the Cloud CDN page.
- Select the Global URL Maps tab.
- Click on the name of the URL map that you want to modify.
- Click on the Edit button at the top of the page.
- In the Edit URL map page, scroll down to the Host and Path Rules section.
- Click on the Add Host and Path Rule button.
- In the new rule, set the Host to ”*” to match all hosts.
- Set the Path to ”/*” to match all paths.
- Set the Backend service to the appropriate backend service for your application.
- Under the Protocol section, select HTTPS from the dropdown menu.
- Click on the Save button to save the changes.
Using CLI
Using CLI
To remediate the misconfiguration of Cloud CDN Global Urlmaps accepting only HTTPS connections in GCP using GCP CLI, follow the below steps:Step 1: Open the Google Cloud Console and select the project where the Cloud CDN is configured.Step 2: Open the Cloud Shell by clicking on the icon in the top right corner of the console.Step 3: Run the following command to list all the existing URL maps in the project:Step 4: Identify the URL map that needs to be remediated.Step 5: Run the following command to update the URL map to accept only HTTPS connections:Replace [URL_MAP_NAME] with the name of the URL map that needs to be updated and [BACKEND_SERVICE_NAME] with the name of the backend service associated with the URL map.Step 6: Verify that the URL map has been updated successfully by running the following command:This command should return the updated URL map configuration, which should include the “sslPolicy” field set to “global-ssl-policy”.By following these steps, you can remediate the misconfiguration of Cloud CDN Global Urlmaps accepting only HTTPS connections in GCP using GCP CLI.
Using Python
Using Python
To remediate the misconfiguration “Cloud CDN Global Urlmaps Should Accept Https Connections Only” for GCP using Python, you can follow the below steps:By following these steps, you can remediate the misconfiguration “Cloud CDN Global Urlmaps Should Accept Https Connections Only” for GCP using Python.
- Install the required packages:
- Authenticate with GCP:
- Get the list of existing global URL maps:
- For each URL map, check if it has an HTTPS forwarding rule:
- If a URL map does not have an HTTPS forwarding rule, update it: