Browse HTTP from HTTPS is a vulnerability allowing HTTPS pages to be accessed via HTTP, thus disclosing potentially sensitive information. We strongly suggest enforcing the redirection of HTTP requests to HTTPS via a setting in Overwatch.

To redirect HTTP requests to HTTPS:
- Use the Command-Line Configure utility to pass the following command to Overwatch. This enforces redirection in the CSM Portal.
    /updateportalsettings /redirecthttptohttps=true
- Use the Command-Line Configure utility to pass the following command to Overwatch. This enforces redirection in the CSM Browser Client.
    /updatebrowserclientsettings /redirecthttptohttps=true
- Reset IIS.
- Review the configuration of any applications you have installed to ensure proper permissions are in place to prohibit forceful browsing of HTTPS resources.
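
A check to run after the IIS reset, added here as an example (it is not part of the vendor documentation or of Cherwell tooling): it requests each plain-HTTP address without following redirects and reports whether the reply is a redirect to an https:// URL. The addresses are supplied by you on the command line, and the function names are this example's own.

```python
import http.client
import sys
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def classify(status, location):
    """Judge the reply to a plain-HTTP request: (verdict, detail)."""
    if status not in REDIRECT_CODES:
        # Any non-redirect answer means content or an error page came back over HTTP.
        return "served", f"{status} answered over HTTP"
    if location.lower().startswith("https://"):
        return "redirects", f"{status} -> {location}"
    # A relative or http:// Location keeps the browser on plain HTTP.
    return "bad-target", f"{status} -> {location or '(no Location header)'}"

def check_http_redirect(url, timeout=5.0):
    """GET an http:// URL without following redirects and classify the reply."""
    parts = urlsplit(url)
    if parts.scheme != "http" or not parts.hostname:
        raise ValueError("expected an absolute http:// URL")
    target = (parts.path or "/") + (f"?{parts.query}" if parts.query else "")
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80, timeout=timeout)
    try:
        conn.request("GET", target)  # http.client never follows redirects itself
        resp = conn.getresponse()
        return classify(resp.status, resp.getheader("Location", ""))
    except (OSError, http.client.HTTPException) as exc:
        return "unreachable", str(exc)
    finally:
        conn.close()

if __name__ == "__main__":
    # Pass the http:// addresses of your CSM Portal and CSM Browser Client.
    results = [(u, *check_http_redirect(u)) for u in sys.argv[1:]]
    for url, verdict, detail in results:
        print(f"{verdict:11} {url}  ({detail})")
    sys.exit(0 if all(v == "redirects" for _, v, _ in results) else 1)
```

The script exits non-zero if any address is still served over HTTP or redirects somewhere other than an https:// URL, so it can be rerun after later configuration changes.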