Azure App Service Web app client certificate is disabled
Description
Client certificates allow the Web App to require a certificate for incoming requests. Only clients that have a valid certificate will be able to reach the app. The TLS mutual authentication technique in enterprise environments ensures the authenticity of clients to the server. If incoming client certificates are enabled only an authenticated client with valid certificates can access the app.
Code Example
go
resource "azurerm_app_service" "example" {
...
+ client_cert_enabled = true
}Remediation
- Azure Portal To change the policy using the Azure Portal, follow these steps:*
. Log in to the Azure Portal at https://portal.azure.com.
. Navigate to * App Services*.
. For each Web App, click* App*. + a) Navigate to *Setting *section. + b) Click * SSL Settings. + c) Navigate to *Protocol Settings section. + d) Set * Incoming client certificates to * On.
- CLI Command*
To set Incoming client certificates value for an existing app, use the following command:
az webapp update --resource-group & lt;RESOURCE_GROUP_NAME> --name & lt;APP_NAME> --set clientCertEnabled=true
=== Fix - Buildtime
Terraform
- Resource: azurerm_app_service
- Arguments: client_cert_enabled
Rule Details
| Field | Value |
|---|---|
| ID | IAC-0528 |
| Severity | INFO |
| IaC Type | arm |
| Frameworks | ARM, |
| Checkov ID | CKV_AZURE_17 |