Enable FTPS-Only Access For App Services

Using Console

Using CLI

To remediate the misconfiguration “Enable FTPS-Only Access For App Services” for Azure using Azure CLI, you can follow the below steps:Step 1: Open the Azure CLI and login to your Azure account using the command “az login”.Step 2: Once you are logged in, you need to select the subscription that contains the App Service you want to remediate. You can use the command “az account set —subscription <subscription-id>” to set the subscription.Step 3: Now, you need to enable FTPS-Only Access for the App Service. You can use the following command to do this:

az webapp config set --resource-group <resource-group-name> --name <app-service-name> --ftps-state FtpsOnly

In the above command, replace <resource-group-name> with the name of the resource group that contains the App Service you want to remediate, and replace <app-service-name> with the name of the App Service.Step 4: Once you run the above command, it will enable FTPS-Only Access for the App Service. You can verify this by going to the Azure portal and checking the FTPS settings for the App Service.By following the above steps, you can successfully remediate the misconfiguration “Enable FTPS-Only Access For App Services” for Azure using Azure CLI.

Using Python

To remediate the misconfiguration “Enable FTPS-Only Access for App Services” in Azure using Python, you can follow the below steps:Step 1: Install the Azure SDK for Python using the below command:

pip install azure

Step 2: Connect to the Azure subscription using the below code:

from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.web import WebSiteManagementClient

# Tenant ID for Azure subscription
TENANT_ID = '<Tenant ID>'

# Client ID (Application ID) for Service Principal
CLIENT_ID = '<Client ID>'

# Client Secret for Service Principal
CLIENT_SECRET = '<Client Secret>'

# Subscription ID for Azure subscription
SUBSCRIPTION_ID = '<Subscription ID>'

# Resource Group Name
RESOURCE_GROUP_NAME = '<Resource Group Name>'

# Web App Name
WEB_APP_NAME = '<Web App Name>'

# Create Service Principal Credentials object
credentials = ServicePrincipalCredentials(
    client_id=CLIENT_ID,
    secret=CLIENT_SECRET,
    tenant=TENANT_ID
)

# Create Resource Management Client object
resource_client = ResourceManagementClient(
    credentials,
    SUBSCRIPTION_ID
)

# Create Web Site Management Client object
web_client = WebSiteManagementClient(
    credentials,
    SUBSCRIPTION_ID
)

Step 3: Get the FTPS state of the web app using the below code:

# Get the web app
web_app = web_client.web_apps.get(RESOURCE_GROUP_NAME, WEB_APP_NAME)

# Get the FTPS state
ftps_state = web_app.ftps_state

Step 4: If the FTPS state is not ‘FtpsOnly’, then update the FTPS state using the below code:

if ftps_state != 'FtpsOnly':
    # Update the FTPS state to 'FtpsOnly'
    web_app.ftps_state = 'FtpsOnly'
    web_client.web_apps.create_or_update(RESOURCE_GROUP_NAME, WEB_APP_NAME, web_app)

Step 5: Verify that the FTPS state has been updated to ‘FtpsOnly’ using the below code:

# Get the web app
web_app = web_client.web_apps.get(RESOURCE_GROUP_NAME, WEB_APP_NAME)

# Get the FTPS state
ftps_state = web_app.ftps_state

# Verify that the FTPS state is 'FtpsOnly'
if ftps_state == 'FtpsOnly':
    print('FTPS-Only Access has been enabled for the web app.')
else:
    print('Failed to enable FTPS-Only Access for the web app.')

This should remediate the misconfiguration “Enable FTPS-Only Access for App Services” in Azure using Python.

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

Enable FTPS-Only Access For App Services

More Info:

Risk Level

Address

Compliance Standards

Triage and Remediation

Remediation

Azure Introduction

Azure Pricing

Azure Threats

Azure Misconfigurations

​More Info:

​Risk Level

​Address

​Compliance Standards

​Triage and Remediation