azure-appsvc-ftp-disabled

Ensure FTP deployments are disabled

The standard FTP protocol is not encrypted and may expose both your user credentials as well as your code. Instead, it would be preferable to either use a more secure protocol such as FTPS or Git in order to ensure that the communication channel remains encrypted.

Examples

Insecure Example

resource "azurerm_app_service" "example" {
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id

  site_config {
    dotnet_framework_version = "v4.0"
    scm_type                 = "LocalGit"
    ftps_state               = "AllAllowed"
  }
}

Secure Example

resource "azurerm_app_service" "example" {
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id

  site_config {
    dotnet_framework_version = "v4.0"
    scm_type                 = "LocalGit"
    ftps_state               = "FtpsOnly"
  }
}

More information

• Azure Docs
• Terraform Docs