---
title: Communication over HTTP in defaults
description: Datadog, the leading service for cloud-scale monitoring.
---

# Communication over HTTP in defaults

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md).
{% /alert %}

{% /callout %}

## Metadata{% #metadata %}

**Id:** `d7dc9350-74bc-485b-8c85-fed22d276c43`

**Cloud Provider:** Ansible Config

**Platform:** Ansible

**Severity:** Medium

**Category:** Insecure Configurations

#### Learn More{% #learn-more %}

- [Provider Reference](https://docs.ansible.com/ansible/latest/plugins/httpapi.html)

### Description{% #description %}

Galaxy `server` URLs must use HTTPS to protect the confidentiality and integrity of downloaded roles and any credentials exchanged. Using plain HTTP exposes downloads and authentication data to interception or tampering.

In Ansible configuration documents, this is the `groups.galaxy.server` property, which must begin with `https://` instead of `http://`. Resources with a missing `server` property or a value that starts with `http://` are flagged. Ensure the HTTPS endpoint presents a valid TLS certificate and do not disable certificate verification.

Secure configuration example:

```yaml
groups:
  galaxy:
    server: "https://galaxy.example.com"
```

## Compliant Code Examples{% #compliant-code-examples %}

```ini
[galaxy]
cache_dir=~/.ansible/galaxy_cache
ignore_certs=False
role_skeleton_ignore=^.git$, ^.*/.git_keep$
server=https://galaxy.ansible.com
```

## Non-Compliant Code Examples{% #non-compliant-code-examples %}

```ini
[galaxy]
cache_dir=~/.ansible/galaxy_cache
ignore_certs=False
role_skeleton_ignore=^.git$, ^.*/.git_keep$
server=http://galaxy.ansible.com
```
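
The check described above can be reproduced locally against an `ansible.cfg`. The following is an added example, not Datadog's rule implementation: the function name `check_galaxy_transport` and the sample strings are constructed for illustration, it assumes the rule is only evaluated when a `[galaxy]` section exists, and it goes one step beyond the rule text by also reporting `ignore_certs` when it disables certificate verification.

```python
import configparser

# Constructed sample inputs mirroring the page's two ansible.cfg examples.
COMPLIANT = """\
[galaxy]
cache_dir=~/.ansible/galaxy_cache
ignore_certs=False
role_skeleton_ignore=^.git$, ^.*/.git_keep$
server=https://galaxy.ansible.com
"""
NON_COMPLIANT = COMPLIANT.replace("https://", "http://")
MISSING_SERVER = "[galaxy]\ncache_dir=~/.ansible/galaxy_cache\n"
CERTS_IGNORED = COMPLIANT.replace("ignore_certs=False", "ignore_certs=True")


def check_galaxy_transport(cfg_text):
    """Return a list of findings for the [galaxy] section of an ansible.cfg."""
    # interpolation=None: values such as regexes must not be treated as templates.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    if not parser.has_section("galaxy"):
        return []  # assumption: no [galaxy] section means nothing to evaluate
    galaxy = parser["galaxy"]
    findings = []

    # The rule: server must be present and must begin with https://.
    server = galaxy.get("server", "").strip().strip("'\"")
    if not server:
        findings.append("galaxy.server is missing")
    elif not server.lower().startswith("https://"):
        findings.append(f"galaxy.server does not use HTTPS: {server}")

    # Extension beyond the rule text: HTTPS without certificate
    # verification still allows interception, so report it as well.
    ignore = galaxy.get("ignore_certs", "false").strip().lower()
    if ignore in ("true", "yes", "1", "on"):
        findings.append("galaxy.ignore_certs disables TLS certificate verification")
    return findings


if __name__ == "__main__":
    for name in ("COMPLIANT", "NON_COMPLIANT", "MISSING_SERVER", "CERTS_IGNORED"):
        print(name, check_galaxy_transport(globals()[name]))
```
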
