Patch 514 (#535)

* Creating fresh document for CDN profiles * Added all steps * Added new steps * Fixed quotation marks * Update detect-insecure-custom-origin.md * Apply suggestions from code review * Update en/azure/cdnprofiles/detect-insecure-custom-origin.md Co-authored-by: alphadev4 <[email protected]>
aquasecurity · Nov 4, 2022 · c87c45e · c87c45e
1 parent d242978
commit c87c45e
Show file tree

Hide file tree

Showing 7 changed files with 10 additions and 2 deletions.
diff --git a/en/azure/cdnprofiles/detect-insecure-custom-origin.md b/en/azure/cdnprofiles/detect-insecure-custom-origin.md
@@ -15,5 +15,13 @@
 | **Recommended Action** | Enable HTTPS and disable HTTP for each custom origin endpoint for each CDN profile. |
 
 ## Detailed Remediation Steps
-
-
+1. Log into the Microsoft Azure Management Console.
+2. Select the "Search resources, services, and docs" option at the top and search for CDN. Select "Front Door and CDN profiles".</br> <img src="/resources/azure/cdnprofiles/detect-insecure-custom-origin/step2.png"/>
+3. On the "Front Door and CDN profiles" page, click on the "Name" link to access the configuration changes.</br> <img src="/resources/azure/cdnprofiles/detect-insecure-custom-origin/step3.png"/>
+4. In the CDN details pane that opens, click on the "Endpoints" link under "Properties".</br> <img src="/resources/azure/cdnprofiles/detect-insecure-custom-origin/step4.png"/>
+5. On the endpoint management page that opens, click on "default-route" under "Routes" column to load the route configuration page.</br> <img src="/resources/azure/cdnprofiles/detect-insecure-custom-origin/step5.png"/>
+6. On the "Update route" page, check the value of "Accepted protocols" dropdown. If it is set to "HTTP only" or "HTTP and HTTPS" then the endpoint allows insecure traffic. This is a security threat.</br> <img src="/resources/azure/cdnprofiles/detect-insecure-custom-origin/step6.png"/>
+7. Click on the "Accepted protocols" dropdown and select "HTTPS only". This will configure the endpoint to accept only secure traffic.
+8. Ensure that the checkbox for "Redirect" is selected to "Redirect all traffic to use HTTPS".</br> <img src="/resources/azure/cdnprofiles/detect-insecure-custom-origin/step7.png"/>
+9. Click "Update" at the bottom of the page to save the changes.
+10. Repeat steps 4 - 9 for all other CDN endpoints.
diff --git a/resources/azure/cdnprofiles/detect-insecure-custom-origin/step2.png b/resources/azure/cdnprofiles/detect-insecure-custom-origin/step2.png
diff --git a/resources/azure/cdnprofiles/detect-insecure-custom-origin/step3.png b/resources/azure/cdnprofiles/detect-insecure-custom-origin/step3.png
diff --git a/resources/azure/cdnprofiles/detect-insecure-custom-origin/step4.png b/resources/azure/cdnprofiles/detect-insecure-custom-origin/step4.png
diff --git a/resources/azure/cdnprofiles/detect-insecure-custom-origin/step5.png b/resources/azure/cdnprofiles/detect-insecure-custom-origin/step5.png
diff --git a/resources/azure/cdnprofiles/detect-insecure-custom-origin/step6.png b/resources/azure/cdnprofiles/detect-insecure-custom-origin/step6.png
diff --git a/resources/azure/cdnprofiles/detect-insecure-custom-origin/step7.png b/resources/azure/cdnprofiles/detect-insecure-custom-origin/step7.png