Prevent Browsing HTTP from HTTPS

Browse HTTP from HTTPS is a vulnerability allowing HTTPS pages to be accessed via HTTP, thus disclosing potentially sensitive information. We strongly suggest enforcing the redirection of HTTP requests to HTTPS via a setting in Overwatch.

To redirect HTTP request to HTTPS:

1. Use the Command-Line Configure utility to pass the following command to Overwatch. This enforces redirection in the CSM Portal.
   

   /updateportalsettings /redirecthttptohttps=true

2. Use the Command-Line Configure utility to pass the following command to Overwatch. This enforces redirection in the CSM Browser Client.
   

   /updatebrowserclientsettings /redirecthttptohttps=true
   

3. Reset IIS.
4. Review the configuration of any applications you have installed to ensure proper permissions are in place to prohibit forceful browsing of HTTPS resources.