CDN endpoint allows unencrypted traffic

Security · Content Delivery Network · Rule · 2020_06 · Important

Unencrypted communication could allow disclosure of information to an untrusted party.

Description

When a client connect to CDN content it can use HTTP or HTTPS. Support for both HTTP and HTTPS is enabled by default. When using HTTP, sensitive information may be exposed to an untrusted party.

Recommendation

Consider disabling HTTP support on the CDN endpoint origin.

Links

• SE:07 Encryption
• Configure HTTPS on an Azure CDN custom domain
• Azure deployment reference

Comments