Hi Robson,
There are some best practice that you can follow to make more secure your app service (https://learn.microsoft.com/en-us/azure/app-service/app-service-best-practices / https://learn.microsoft.com/en-us/azure/app-service/overview-security), besides that if your use case require use ftp here some suggestions:
- Enforce FTPS: In Azure portal, select your app’s resource page, select Configuration > General settings, and set FTP state to ‘FTPS Only’.
- Disable FTPS if not used: In Azure portal, select your app’s resource page, select Configuration > General settings, and set FTP state to ‘Disabled’ if you don’t use FTP deployment.
- Use Azure Storage: Create an Azure Storage Account, attach a file share to the app service and mount it. This allows you to manage files in a centralized and secure manner.
- Secure Your App: Enforce HTTPS, disable outdated protocols like TLS 1.0, use FTPS over FTP, and add access restrictions to your app.
- Use Deployment Center: In Azure portal, select your app’s resource page, select Deployment Center, and specify FTPS credentials. This allows you to manage deployments in a secure manner.
- Use CI/CD tool to deploy your web application like azure devops or github actions.
References:
- https://learn.microsoft.com/en-us/azure/app-service/deploy-ftp?tabs=portal
- https://learn.microsoft.com/en-us/azure/app-service/overview-security
- https://learn.microsoft.com/en-us/azure/app-service/app-service-ip-restrictions?tabs=azurecli
- https://learn.microsoft.com/en-us/security/benchmark/azure/baselines/app-service-security-baseline
- https://learn.microsoft.com/en-us/troubleshoot/azure/app-service/web-apps-deployment-faqs
If the information helped address your question, please Accept the answer.
Luis