Its noticed that, after deploying packages to the webapp appservice solts using azuredevops release pipeline task - "Azure AppService Deploy", the properties of the appservice getting changed.
Every time the application or function is deployed to app services, these values are getting replaced with default values and so triggering a High Severity Security Alert in the azure security center. Eventhough we manually set through portal, when we deploy a new package to the appservices, again, these properties are getting changed.
So looking for azurecli command or other paramaters which can be passed to the azuredevops tasks to ensure that these properties are disabled after the new package deployment to the appservice slots.
FTP state: Disabled
Http version: 2.0
HTTPS Only: On
It should not be the case! looks like you are also recreating the app service while deploying if you are using ARM\BICEP you can set these flags under properties
properties: {
httpsOnly: true
siteConfig: {
ftpsState: 'FtpsOnly'
}
}
you can also set these values (site values) using powershell
$app = Get-AzWebAppSlot -ResourceGroupName $ResourceGroup -Name $name -Slot $slot
if ($app) {
if ($Status.Tolower() -ne $app.SiteConfig.FtpsState.Tolower()) {
$app.SiteConfig.FtpsState = $Status
Set-AzWebAppSlot -WebApp $app -ErrorAction SilentlyContinue | Out-Null
}
}