Skip to content

z ENABLING APP SERVICE CONFIGURATION.

Tony Wildish edited this page Oct 21, 2024 · 1 revision

ENABLING APP SERVICE CONFIGURATION. WEAKNESS: The penetration testing reveals that the default configuration of the SDE App Service for the Air Lock Notifier is weak, particularly that it permits interactions over unencrypted HTTP protocol. Findings: This is the default configuration of the SDE Airlock Notifier. It by default disabled the HTTPS only flag by setting its value to “off”.

image

Solution: The solution to fix this is to manually set this flag to “on”. STEPS.

  1. Login to the Organization’s Azure Tenancy “BH-LS-PMP TRE” using the Azure Portal.
  2. Within Azure Portal, Search for “Logic apps” And click on it.

image

  1. On the Logic apps page, click on the “airlock-notifier-app-sdebeta” logic app.

image

  1. On the “airlock-notifier-app-sdebeta” logic app page, click on “configuration” which is under “settings”. Select the “on” option and click on the “save” button.

image