Expose frontend HTTP endpoints over HTTPS
Security · Application Gateway · 2021_09
Application Gateways should only expose frontend HTTP endpoints over HTTPS.
Description
Application Gateways support HTTP and HTTPS endpoints for backend and frontend traffic. When using frontend HTTP (80) endpoints, traffic between the client and the Application Gateway is not encrypted.
Unencrypted communication could allow disclosure of information to an untrusted party.
Recommendation
Consider configuring Application Gateways to only expose HTTPS endpoints. For client applications such as progressive web apps, consider redirecting HTTP traffic to HTTPS.
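One way to check a gateway definition against this recommendation, as an added example that is not part of the original page or the rule's own implementation. It assumes an exported `Microsoft.Network/applicationGateways` resource whose sub-resource references are full IDs ending in the sub-resource name; the gateway, listener and rule names in the sample are constructed.

```python
# Constructed sample: a trimmed Microsoft.Network/applicationGateways resource.
# The subscription, gateway, listener and rule names are made up for this example.
PREFIX = ("/subscriptions/0000/resourceGroups/rg/providers/"
          "Microsoft.Network/applicationGateways/gw")
SAMPLE = {
    "type": "Microsoft.Network/applicationGateways",
    "name": "gw",
    "properties": {
        "httpListeners": [
            {"name": "web-https", "properties": {"protocol": "Https"}},
            {"name": "web-http", "properties": {"protocol": "Http"}},
            {"name": "legacy-http", "properties": {"protocol": "Http"}},
        ],
        "redirectConfigurations": [
            {"name": "to-https", "properties": {
                "redirectType": "Permanent",
                "targetListener": {"id": PREFIX + "/httpListeners/web-https"}}},
        ],
        "requestRoutingRules": [
            # HTTP listener that only redirects to the HTTPS listener: acceptable.
            {"name": "r1", "properties": {
                "httpListener": {"id": PREFIX + "/httpListeners/web-http"},
                "redirectConfiguration": {"id": PREFIX + "/redirectConfigurations/to-https"}}},
            # HTTP listener routed straight to a backend pool: served in clear text.
            {"name": "r2", "properties": {
                "httpListener": {"id": PREFIX + "/httpListeners/legacy-http"},
                "backendAddressPool": {"id": PREFIX + "/backendAddressPools/pool"}}},
        ],
    },
}

def _name(ref):
    """Last segment of a sub-resource id reference, or None if the reference is absent."""
    return (ref or {}).get("id", "").rsplit("/", 1)[-1] or None

def plaintext_listeners(gateway):
    """Names of HTTP listeners that are not redirected to an HTTPS listener."""
    props = gateway.get("properties", {})
    proto = {l["name"]: l["properties"].get("protocol", "").lower()
             for l in props.get("httpListeners", [])}
    # Redirect configurations whose target is an HTTPS listener on this gateway.
    safe = {r["name"] for r in props.get("redirectConfigurations", [])
            if proto.get(_name(r["properties"].get("targetListener"))) == "https"}
    redirected = {_name(r["properties"].get("httpListener"))
                  for r in props.get("requestRoutingRules", [])
                  if _name(r["properties"].get("redirectConfiguration")) in safe}
    return sorted(n for n, p in proto.items() if p == "http" and n not in redirected)

if __name__ == "__main__":
    print(plaintext_listeners(SAMPLE))
```

The check is deliberately conservative: an HTTP listener with no routing rule, or one whose redirect is defined only in a URL path map, is also reported.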
Links
- Data encryption in Azure
- Create an application gateway with HTTP to HTTPS redirection using the Azure portal
- Azure template reference
Last update: 2021-07-25