forked from microsoft/AzureTRE
-
Notifications
You must be signed in to change notification settings - Fork 0
z ENABLING APP SERVICE CONFIGURATION.
Tony Wildish edited this page Oct 21, 2024
·
1 revision
ENABLING APP SERVICE CONFIGURATION. WEAKNESS: The penetration testing reveals that the default configuration of the SDE App Service for the Air Lock Notifier is weak, particularly that it permits interactions over unencrypted HTTP protocol. Findings: This is the default configuration of the SDE Airlock Notifier. It by default disabled the HTTPS only flag by setting its value to “off”.
Solution: The solution to fix this is to manually set this flag to “on”. STEPS.
- Login to the Organization’s Azure Tenancy “BH-LS-PMP TRE” using the Azure Portal.
- Within Azure Portal, Search for “Logic apps” And click on it.
- On the Logic apps page, click on the “airlock-notifier-app-sdebeta” logic app.
- On the “airlock-notifier-app-sdebeta” logic app page, click on “configuration” which is under “settings”. Select the “on” option and click on the “save” button.