App Service web app FTP deployments should be disabled¶
Description¶
App Service web app FTP deployment endpoints are public, which means that a malicious actor on an insecure network can obtain user credentials and gain control of the code base for the web app.
Azure Portal¶
Navigate to App Services.
Select an app.
In the left navigation under Settings, select Configuration.
Select General Settings and from the FTP state drop-down, select Disabled or FTPS Only.
Click Save.
Azure CLI¶
To disable FTP deployments for an App Service web app:
az webapp config set --name <app-name> --resource-group <group-name> --ftps-state Disabled