1. Open the GCP console and navigate to the Cloud CDN page.
2. Click on the name of the CDN you want to remediate.
3. Click on the “Url maps” tab.
4. Select the URL map which you want to remediate.
5. Click on the “Edit” button at the top of the page.
6. In the “Host and path rules” section, select the rule which you want to remediate.
7. In the “Backend service” section, click on the “Advanced” dropdown.
8. Under “Frontend protocol”, select “HTTPS only”.
9. Click on the “Save” button to save the changes.
10. Repeat steps 6-9 for all the rules in the URL map.
11. Verify that the CDN regional URL maps are now accepting HTTPS connections only by testing it.

​

1. Open the Cloud Shell in the GCP Console.
2. Run the following command to list all the existing Cloud CDN UrlMaps:

gcloud compute url-maps list

3. Identify the name of the UrlMap that needs to be updated and run the following command to describe the details of the UrlMap:

gcloud compute url-maps describe [URL_MAP_NAME]

4. Identify the name of the backend service associated with the UrlMap and run the following command to describe the details of the backend service:

gcloud compute backend-services describe [BACKEND_SERVICE_NAME]

5. Identify the name of the health check associated with the backend service and run the following command to describe the details of the health check:

gcloud compute health-checks describe [HEALTH_CHECK_NAME]

6. If the health check is not already configured to use HTTPS, update the health check to use HTTPS by running the following command:

gcloud compute health-checks update [HEALTH_CHECK_NAME] --use-https

7. Update the UrlMap to accept HTTPS connections only by running the following command:

gcloud compute url-maps update [URL_MAP_NAME] --default-service [BACKEND_SERVICE_NAME] --ssl-policy=global-ssl-policy

8. Verify that the changes have been applied by running the following command:

gcloud compute url-maps describe [URL_MAP_NAME]

1. First, you need to install the Google Cloud SDK and authenticate to your GCP project using the command:

gcloud auth login

2. Next, you need to install the required Python libraries using the command:

pip install google-cloud-cdn

3. After that, you can use the following Python code to remediate the misconfiguration:

from google.cloud import cdn_v1beta1
from google.protobuf.field_mask_pb2 import FieldMask

client = cdn_v1beta1.UrlMapsClient()

# Replace [PROJECT_ID] with your GCP project ID
project_id = '[PROJECT_ID]'

# Replace [REGION] with the region where the urlmap is located
region = '[REGION]'

# Replace [URLMAP_NAME] with the name of the urlmap
urlmap_name = '[URLMAP_NAME]'

urlmap = client.get_url_map(request={'project_id': project_id, 'region': region, 'url_map': urlmap_name})

# Update the urlmap to accept only HTTPS connections
urlmap.default_url_redirect.https_redirect = True

# Update the urlmap using the FieldMask to only modify the https_redirect field
field_mask = FieldMask(paths=['default_url_redirect.https_redirect'])
client.update_url_map(request={'url_map': urlmap, 'update_mask': field_mask})

4. Finally, you can run the above Python code to remediate the misconfiguration of Cloud CDN Regional Urlmaps accepting only HTTPS connections in GCP.