azure-appsvc-ftp-disabled¶
Ensure FTP deployments are disabled
The standard FTP protocol is not encrypted and may expose both your user credentials as well as your code. Instead, it would be preferable to either use a more secure protocol such as FTPS or Git in order to ensure that the communication channel remains encrypted.
Examples¶
Insecure Example
resource "azurerm_app_service" "example" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
ftps_state = "AllAllowed"
}
}
Secure Example
resource "azurerm_app_service" "example" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
site_config {
dotnet_framework_version = "v4.0"
scm_type = "LocalGit"
ftps_state = "FtpsOnly"
}
}