问题描述

默认情况下，所有Azure Web Apps都具有可用于Web部署/ MSDeploy的应用程序部署凭据。 为了安全起见，我们希望减少攻击面并防止以这种方式发生部署。 例如，我们可以：

• 完全禁用Web部署？
• 将Web部署限制为一组IP地址？  （但不限制它支持的应用程序）
• 创建一个决定接受/拒绝部署的部署后挂钩？
• 创建一个执行上述任何操作的Kudu站点扩展？

使用应用服务环境太贵了。 可能存在哪些选项？

By default all Azure Web Apps have application deployment credentials that can be used for web deploy/MSDeploy.  For security, we would like to reduce our attack surface and prevent deployment from happening this way.  For example, can we:

• Disable web deploy entirely?
• Restrict web deploy to a set of IP addresses?  (but not restrict the application it supports)
• Create a post-deploy hook that decides to accept/reject the deployment?
• Create a Kudu site extension that does any of the above?

Using an App Service Environment is too expensive.  What options might exist?

这篇关于禁用Azure App Service的Web部署的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！