Cdn global urlmaps accept https only remediation

Using Console

Using CLI

To remediate the misconfiguration of Cloud CDN Global Urlmaps accepting only HTTPS connections in GCP using GCP CLI, follow the below steps:Step 1: Open the Google Cloud Console and select the project where the Cloud CDN is configured.Step 2: Open the Cloud Shell by clicking on the icon in the top right corner of the console.Step 3: Run the following command to list all the existing URL maps in the project:

gcloud compute url-maps list

Step 4: Identify the URL map that needs to be remediated.Step 5: Run the following command to update the URL map to accept only HTTPS connections:

gcloud compute url-maps update [URL_MAP_NAME] --default-service [BACKEND_SERVICE_NAME] --ssl-policy=global-ssl-policy

Replace [URL_MAP_NAME] with the name of the URL map that needs to be updated and [BACKEND_SERVICE_NAME] with the name of the backend service associated with the URL map.Step 6: Verify that the URL map has been updated successfully by running the following command:

gcloud compute url-maps describe [URL_MAP_NAME]

This command should return the updated URL map configuration, which should include the “sslPolicy” field set to “global-ssl-policy”.By following these steps, you can remediate the misconfiguration of Cloud CDN Global Urlmaps accepting only HTTPS connections in GCP using GCP CLI.

Using Python

To remediate the misconfiguration “Cloud CDN Global Urlmaps Should Accept Https Connections Only” for GCP using Python, you can follow the below steps:

Install the required packages:

!pip install google-cloud-cdn
!pip install google-auth google-auth-oauthlib google-auth-httplib2

Authenticate with GCP:

from google.oauth2 import service_account
from google.cloud import cdn_v1beta1

credentials = service_account.Credentials.from_service_account_file('path/to/service_account.json')
client = cdn_v1beta1.GlobalForwardingRulesClient(credentials=credentials)

Get the list of existing global URL maps:

project_id = 'your-project-id'
location = 'global'

parent = f'projects/{project_id}/locations/{location}'
url_maps = client.list_url_maps(parent=parent)

For each URL map, check if it has an HTTPS forwarding rule:

for url_map in url_maps:
    https_forwarding_rule = None
    for forwarding_rule in url_map.host_rules[0].path_matchers[0].route_rules[0].forward_action.https_redirect.action:
        if forwarding_rule.https_redirect:
            https_forwarding_rule = forwarding_rule
            break
    if not https_forwarding_rule:
        print(f'URL map "{url_map.name}" does not have an HTTPS forwarding rule')

If a URL map does not have an HTTPS forwarding rule, update it:

for url_map in url_maps:
    https_forwarding_rule = None
    for forwarding_rule in url_map.host_rules[0].path_matchers[0].route_rules[0].forward_action.https_redirect.action:
        if forwarding_rule.https_redirect:
            https_forwarding_rule = forwarding_rule
            break
    if not https_forwarding_rule:
        url_map.host_rules[0].path_matchers[0].route_rules[0].forward_action.https_redirect.action.append(
                cdn_v1beta1.HttpsRedirectAction())
        client.update_url_map(url_map=url_map, update_mask=['host_rules.path_matchers.route_rules.forward_action.https_redirect.action'])
        print(f'URL map "{url_map.name}" has been updated to only accept HTTPS connections')

By following these steps, you can remediate the misconfiguration “Cloud CDN Global Urlmaps Should Accept Https Connections Only” for GCP using Python.

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

Cdn global urlmaps accept https only remediation

Triage and Remediation

Remediation

GCP Introduction

GCP Pricing

GCP Threats

GCP Misconfigurations

Resources

GCP Threats

​Triage and Remediation

​Remediation

Triage and Remediation

Remediation