Cloud CDN Regional Urlmaps Should Accept Https Connections Only
More Info:
Cloud CDN regional url maps should be configured to block HTTP connection and allow only HTTPS connections.Risk Level
HighAddress
SecurityCompliance Standards
GDPR, PCIDSS, NIST, HITRUST, SOC2, NISTCSFTriage and Remediation
Remediation
Using Console
Using Console
To remediate this misconfiguration in GCP using GCP console, you can follow the below steps:
- Open the GCP console and navigate to the Cloud CDN page.
- Click on the name of the CDN you want to remediate.
- Click on the “Url maps” tab.
- Select the URL map which you want to remediate.
- Click on the “Edit” button at the top of the page.
- In the “Host and path rules” section, select the rule which you want to remediate.
- In the “Backend service” section, click on the “Advanced” dropdown.
- Under “Frontend protocol”, select “HTTPS only”.
- Click on the “Save” button to save the changes.
- Repeat steps 6-9 for all the rules in the URL map.
- Verify that the CDN regional URL maps are now accepting HTTPS connections only by testing it.
Using CLI
Using CLI
To remediate the Cloud CDN Regional Urlmaps to accept HTTPS connections only on GCP using GCP CLI, you can follow these steps:Note: The The output should show that the
- Open the Cloud Shell in the GCP Console.
- Run the following command to list all the existing Cloud CDN UrlMaps:
- Identify the name of the UrlMap that needs to be updated and run the following command to describe the details of the UrlMap:
- Identify the name of the backend service associated with the UrlMap and run the following command to describe the details of the backend service:
- Identify the name of the health check associated with the backend service and run the following command to describe the details of the health check:
- If the health check is not already configured to use HTTPS, update the health check to use HTTPS by running the following command:
- Update the UrlMap to accept HTTPS connections only by running the following command:
global-ssl-policy is a built-in SSL policy that enforces HTTPS connections only.- Verify that the changes have been applied by running the following command:
sslPolicy is set to global-ssl-policy.That’s it! You have successfully remediated the Cloud CDN Regional Urlmaps to accept HTTPS connections only on GCP using GCP CLI.Using Python
Using Python
To remediate the misconfiguration of Cloud CDN Regional Urlmaps accepting only HTTPS connections in GCP using Python, you can follow the below steps:
- First, you need to install the Google Cloud SDK and authenticate to your GCP project using the command:
- Next, you need to install the required Python libraries using the command:
- After that, you can use the following Python code to remediate the misconfiguration:
- Finally, you can run the above Python code to remediate the misconfiguration of Cloud CDN Regional Urlmaps accepting only HTTPS connections in GCP.