This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hello,
I am struggling to find the right controls to start configuring the static app to be accessed only
*from HTTPS/to
*disable FTP and
*TLS 1.2 only access
I appreciate all help and guidance on this issue
Thank you
MG
Edited: title for more clarity
Azure Static Web Apps have all of this built in by default, i.e. HTTPS only with TLS 1.2 and no FTP access. To my knowledge this cannot be changed.
How can I check if it is enabled by default
Have you deployed it yet? It will only take a few minutes to create if you want to take a look. I just checked one of my own deployments and I can confirm all of these settings are in place and as far as I can see these settings can't be changed. This is a relatively new Azure service so it was designed to be secure by default.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 92%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
@Meron Gebremedhin , As AlanKinane (thank you) correctly described:
HTTPS is always enabled on Azure Static Web apps.
Azure Static Web Apps works exclusively with GitHub repositories, so FTP is not an option.
Azure Static Web App platform manages the TLS settings. So, it is always up to date.
I have relayed the feedback to our product engineering team to see if these points can be explicitly highlighted in the Azure docs for bringing additional clarity.
Thanks for your cooperation. Much appreciate your value feedback on this.
Edited: title and adding an answer.
To benefit the community find the right answers, please do mark the post which was helpful by clicking on ‘Accept Answer’ & ‘Up-Vote’.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(272, 66%, 36%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDO%3C/text%3E%3C/svg%3E)
I am using sslscan to read the endpoint where we have deployed our static website and though the storage container is showing a Minimum of TLS 1.2, it is still showing TLS 1.0 and 1.1 are enabled.
Is there a way to turn this all off? My screenshots should show the results of the SSL scan showing TLS 1.0 and 1.1 enabled while Azure Portal showing my storage account requiring a minimum of 1.2.
Based on your answer, I would expect to see my TLS 1.1 and 1.0 disabled but must be missing something. How does this reconcile with the answer?
SSL Scan Results
Azure Portal Security Settings
