Prevent Browsing HTTP from HTTPS

Browse HTTP from HTTPS is a vulnerability in which pages intended to be served over HTTPS can also be accessed over HTTP, potentially disclosing sensitive information in transit. We strongly suggest enforcing the redirection of HTTP requests to HTTPS via a setting in Overwatch.

To redirect HTTP requests to HTTPS:

  1. Use the Command-Line Configure utility to pass the following command to Overwatch. This enforces redirection in the CSM Portal.

    /updateportalsettings /redirecthttptohttps=true

  2. Use the Command-Line Configure utility to pass the following command to Overwatch. This enforces redirection in the CSM Browser Client.

    /updatebrowserclientsettings /redirecthttptohttps=true
    

  3. Reset IIS.
  4. Review the configuration of any applications you have installed to ensure proper permissions are in place to prohibit forceful browsing of HTTPS resources.
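
To confirm the redirection after resetting IIS, you can request the CSM Portal and CSM Browser Client URLs over plain HTTP and inspect the response without following redirects. The following script is an added example, not part of the product or its documentation; the host name and paths you pass to it are your own, and `csm.example.com` in the comments is a placeholder.

```python
import http.client
import sys
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def classify_redirect(request_url, status, location):
    """Judge one response to a plain-HTTP request: was it sent to HTTPS?"""
    if 200 <= status < 300:
        # The page itself came back over HTTP: redirection is not enforced.
        return "FAIL: content served over HTTP"
    if status not in REDIRECT_CODES or not location:
        return f"FAIL: no redirect (status {status})"
    # Location may be relative; resolve it against the requested URL.
    target = urlsplit(urljoin(request_url, location))
    if target.scheme != "https":
        return f"FAIL: redirect stays on {target.scheme}"
    if target.hostname != urlsplit(request_url).hostname:
        return f"WARN: redirects to different host {target.hostname}"
    return "OK: redirected to HTTPS"

def probe(url, timeout=5):
    """Send one GET over plain HTTP without following redirects."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80,
                                      timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()
        return classify_redirect(url, resp.status, resp.getheader("Location"))
    finally:
        conn.close()

if __name__ == "__main__":
    # Usage: pass the http:// URLs of your Portal and Browser Client, e.g.
    #   python check_redirect.py http://csm.example.com/<portal-path>
    # (placeholder host and path; substitute your own deployment's values).
    for url in sys.argv[1:]:
        print(url, "->", probe(url))
```

Run it from a client machine against both URLs; any result other than `OK` means the corresponding setting has not taken effect or another IIS binding is still answering over HTTP.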