禁用Azure App Service的Web部署 [英] Disable web deploy for Azure App Service
问题描述
默认情况下,所有Azure Web Apps都具有可用于Web部署/ MSDeploy的应用程序部署凭据。 为了安全起见,我们希望减少攻击面并防止以这种方式发生部署。 例如,我们可以:
- 完全禁用Web部署?
- 将Web部署限制为一组IP地址? (但不限制它支持的应用程序)
- 创建一个决定接受/拒绝部署的部署后挂钩?
- 创建一个执行上述任何操作的Kudu站点扩展?
使用应用服务环境太贵了。 可能存在哪些选项?
感谢您的提问!
有许多部署方法可用,是的,Web Deploy(msdeploy.exe)是默认设置。如果要更改部署选项;
1.Expand 其他部署选项
2.然后启用 选择部署方法 从中进行选择其他基于包的部署选项。
3。从Web部署,容器,Zip部署,从Zip运行或Kudu REST API中进行选择。
(注意:默认情况下,当这个如果未选择该选项,则任务会尝试根据输入包,应用服务类型和代理操作系统选择适当的部署技术。)
4。使用Web Deploy发布
5.应用在部署Azure Web App时将附加到MSDeploy命令的其他Web Deploy参数,例如 -
disableLink:AppPoolExtension -disableLink:ContentExtension。
这对于启用和禁用规则以及跳过特定文件夹的同步非常有用。
您还可以参考以下链接:
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-rm -web应用内部署?视图=天青-DEVOPS#部署的方法
By default all Azure Web Apps have application deployment credentials that can be used for web deploy/MSDeploy. For security, we would like to reduce our attack surface and prevent deployment from happening this way. For example, can we:
- Disable web deploy entirely?
- Restrict web deploy to a set of IP addresses? (but not restrict the application it supports)
- Create a post-deploy hook that decides to accept/reject the deployment?
- Create a Kudu site extension that does any of the above?
Using an App Service Environment is too expensive. What options might exist?
Thanks for the question!
There are many deployment methods available and Yes, Web Deploy (msdeploy.exe) is the default. If you want to change the deployment option;
1.Expand Additional Deployment Options
2.Then enable Select deployment method to choose from the additional package-based deployment options.
3. Select from Web Deploy, Container, Zip Deploy, Run from Zip, or Kudu REST APIs.
(Note: By default, when this option is not selected, the task attempts to select the appropriate deployment technology based on the input package, app service type, and agent OS.)
4. Publish using Web Deploy
5. Apply Additional Web Deploy arguments that will be appended to the MSDeploy command while deploying the Azure Web App such as -
disableLink:AppPoolExtension and -disableLink:ContentExtension.
This is useful for enabling and disabling rules, and for skipping synchronization of specific folders.
You may also refer below link:
https://docs.microsoft.com/en-us/azure/devops/pipelines/tasks/deploy/azure-rm-web-app-deployment?view=azure-devops#deploy-methods
这篇关于禁用Azure App Service的Web部署的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
