More Info:

Cloud CDN regional backend services should use secure listeners only. A listener is a process that checks for connection requests using the protocol and port that you configure.

Risk Level

Medium

Address

Security

Compliance Standards

SOC2

Triage and Remediation

Remediation

To remediate the “Cloud CDN Regional Backend Services Should Use Secure Listeners Only” misconfiguration in GCP using the GCP console, follow these steps:

  1. Open the Google Cloud Console and select the project in which the Cloud CDN has been configured.
  2. In the left-hand side menu, click on “Cloud CDN”.
  3. In the Cloud CDN dashboard, click on the name of the CDN you want to modify.
  4. In the CDN details page, click on the “Backend configuration” tab.
  5. In the “Backend configuration” tab, click on the “Edit” button.
  6. In the “Edit backend configuration” page, scroll down to the “Backend service” section.
  7. In the “Backend service” section, click on the “Edit” button.
  8. In the “Edit backend service” page, scroll down to the “Protocol” section.
  9. In the “Protocol” section, select “HTTPS” from the drop-down list.
  10. In the same section, select the “Port number” as per your requirement.
  11. Click on the “Save” button to save the changes.
  12. Repeat steps 5-11 for all the backend services used by the CDN.

By following the above steps, you have successfully remediated the “Cloud CDN Regional Backend Services Should Use Secure Listeners Only” misconfiguration in GCP using the GCP console.
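To find which backend services still need the change, or to confirm the fix afterwards, the check can be scripted. The following is an added example, not part of the original guidance: it reads JSON in the shape produced by `gcloud compute backend-services list --format=json` and reports CDN-enabled regional services whose protocol is not HTTPS. The function name, the sample data and the choice to accept only HTTPS (taken from step 9) are assumptions.

```python
import json

# Constructed sample, shaped like `gcloud compute backend-services list --format=json`.
# The project, regions and service names are made up for illustration.
SAMPLE = json.loads("""
[
  {"name": "web-cdn-http", "enableCDN": true, "protocol": "HTTP", "port": 80,
   "region": "https://www.googleapis.com/compute/v1/projects/example-project/regions/us-central1"},
  {"name": "web-cdn-https", "enableCDN": true, "protocol": "HTTPS", "port": 443,
   "region": "https://www.googleapis.com/compute/v1/projects/example-project/regions/us-central1"},
  {"name": "internal-api", "enableCDN": false, "protocol": "HTTP", "port": 8080,
   "region": "https://www.googleapis.com/compute/v1/projects/example-project/regions/europe-west1"},
  {"name": "global-cdn-http", "enableCDN": true, "protocol": "HTTP", "port": 80}
]
""")


def insecure_cdn_backends(services, allowed=("HTTPS",), regional_only=True):
    """Return CDN-enabled backend services whose protocol is not in `allowed`.

    `allowed` defaults to HTTPS only, matching step 9 of the remediation
    (an assumption of this example; widen it if your policy differs).
    """
    findings = []
    for svc in services:
        # Services without Cloud CDN are outside the scope of this rule.
        if not svc.get("enableCDN", False):
            continue
        # Regional services carry a `region` URL; global ones do not.
        region_url = svc.get("region")
        if regional_only and not region_url:
            continue
        # A missing protocol is treated as a finding, not as compliant.
        protocol = svc.get("protocol", "UNSPECIFIED")
        if protocol not in allowed:
            findings.append({
                "name": svc.get("name"),
                "scope": region_url.rsplit("/", 1)[-1] if region_url else "global",
                "protocol": protocol,
            })
    return findings


if __name__ == "__main__":
    for f in insecure_cdn_backends(SAMPLE):
        print(f"{f['name']} ({f['scope']}): protocol {f['protocol']}, expected HTTPS")
```

An empty result after the console changes indicates that every CDN-enabled regional backend service now uses HTTPS.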

Additional Reading: