From 5fee5e9945613a32b437a8c635c1506c28820c45 Mon Sep 17 00:00:00 2001
From: Jim Madge <jmadge@turing.ac.uk>
Date: Fri, 28 Jun 2024 11:41:29 +0100
Subject: [PATCH] Also block HTTP

---
 data_safe_haven/infrastructure/programs/sre/firewall.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/data_safe_haven/infrastructure/programs/sre/firewall.py b/data_safe_haven/infrastructure/programs/sre/firewall.py
index ce7ed78fb1..b4c5653c37 100644
--- a/data_safe_haven/infrastructure/programs/sre/firewall.py
+++ b/data_safe_haven/infrastructure/programs/sre/firewall.py
@@ -250,6 +250,10 @@ def __init__(
                             description="Deny external Ubuntu Snap Store upload and login access",
                             name="DenyUbuntuSnapcraft",
                             protocols=[
+                                network.AzureFirewallApplicationRuleProtocolArgs(
+                                    port=int(Ports.HTTP),
+                                    protocol_type=network.AzureFirewallApplicationRuleProtocolType.HTTP,
+                                ),
                                 network.AzureFirewallApplicationRuleProtocolArgs(
                                     port=int(Ports.HTTPS),
                                     protocol_type=network.AzureFirewallApplicationRuleProtocolType.HTTPS,