Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Function App - 'Microsoft.Web/sites' should have client certificate authentication enabled #65

Open
Kaloszer opened this issue Oct 30, 2023 · 1 comment
Assignees
Labels
enhancement New feature or request roadmap To implement in a future release

Comments

@Kaloszer
Copy link
Contributor

https://stackoverflow.com/questions/64309694/how-to-decode-x-arr-clientcert-header-using-python?noredirect=1#comment113737180_64309694

Currently there is no support for client certificate - App Service will supply certificate but there's no code in place to validate that it is valid. This kicks in KICS analysis warning saying that:

Website with Client Certificate Auth Disabled, Severity: HIGH

Obviously said certificate can be enabled but it won't do anything at the moment.

It would be nice to add certificate validation for this reason.

@cudeso cudeso added the enhancement New feature or request label Nov 6, 2023
@cudeso cudeso self-assigned this Nov 6, 2023
@cudeso
Copy link
Owner

cudeso commented Nov 6, 2023

Indeed. This would be a good improvement. I put it on the roadmap for future inclusion.

@cudeso cudeso added the roadmap To implement in a future release label Nov 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request roadmap To implement in a future release
Projects
None yet
Development

No branches or pull requests

2 participants