William

Reputation: 3395

Understanding/Restricting Azure Web App Permissions

I am trying to understand how files and folders are restricted in Azure Web Apps.

Currently, it appears that none of the .dlls in my bin folder can be accessed, but a .dll in my App_Theme folder can.

Is there a logic behind what is publicly accessible and not? Is there a way to lock down public access so that not everything can be downloaded?

Upvotes: 1

Views: 2244

Answers (2)

SagarScript

Reputation: 1242

Solution:

If you know the name of your webapp, you can skip to step 4 by navigating to https://{webappname}.scm.azurewebsites.net; otherwise start at step 1.

  1. Login to your Azure Portal.
  2. Open the blade for the WebApp in question.
  3. Select "Advanced Tools" (formerly: "Kudu Tools")
  4. Select the Debug console and then CMD or PowerShell
  5. Execute the following command to make the file read-only (i.e. as recommended for config files in many PHP projects): attrib +r -a -s -h {file}

Command Explained:

Reference: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-xp/bb490868(v=technet.10)

+r : Sets the read-only file attribute.

-r : Clears the read-only file attribute.

+a : Sets the archive file attribute.

-a : Clears the archive file attribute.

+s : Sets the system file attribute.

-s : Clears the system file attribute.

+h : Sets the hidden file attribute.

-h : Clears the hidden file attribute.

Note:

I have tried the following methods as per standard Windows environments and they all failed:

  • FTP (FileZilla & Windows Explorer)
  • CHMOD 664 {file} (on CMD/PowerShell via Advanced/Kudu Tools from the WebApp blade)

Upvotes: 0

Tom Sun

Reputation: 24549

Is there a logic behind what is publicly accessible and not?

The hiddenSegments element contains a collection of add elements that identify certain URLs IIS will make inaccessible to clients. We can get more detail about hiddenSegments from the document.

We can also remote to the Azure website to set it. For how to remote to an Azure website using IIS Manager, please refer to another document.

Is there a way to lock down public access so that not everything can be downloaded?

1. After we remote to the Azure website, in the Home pane double-click Request Filtering.

2. In the Request Filtering pane, click the Hidden Segments tab, and then click Add Hidden Segment.

3. Try to access the file.

Upvotes: 1
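An added example, not part of the answer above: a small Python audit that reads the hiddenSegments collection from a web.config and reports whether a request path would be hidden. It assumes the site inherits the stock IIS default list (which contains bin), uses the folder name App_Theme as written in the question, and models matching as a case-insensitive comparison of whole path segments; the sample config and helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumption: the stock IIS defaults from applicationHost.config are inherited.
DEFAULT_HIDDEN = ["web.config", "bin", "App_code", "App_GlobalResources",
                  "App_LocalResources", "App_WebReferences", "App_Data",
                  "App_Browsers"]

# Constructed sample web.config: hides one more folder on top of the defaults.
SAMPLE_WEB_CONFIG = """<configuration>
  <system.webServer>
    <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="App_Theme" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>"""

HIDDEN_PATH = "system.webServer/security/requestFiltering/hiddenSegments"


def effective_segments(web_config_xml, inherited=DEFAULT_HIDDEN):
    """Apply <clear/>, <remove/> and <add/> in document order to the inherited list."""
    segments = {s.lower() for s in inherited}
    node = ET.fromstring(web_config_xml).find(HIDDEN_PATH)
    for child in (node if node is not None else []):
        name = child.get("segment", "").lower()
        if child.tag == "clear":
            segments.clear()
        elif child.tag == "remove":
            segments.discard(name)   # a removed default becomes downloadable
        elif child.tag == "add" and name:
            segments.add(name)
    return segments


def is_hidden(url_path, segments):
    """True if any whole path segment matches a hidden segment."""
    return any(part.lower() in segments for part in url_path.split("/") if part)


if __name__ == "__main__":
    segs = effective_segments(SAMPLE_WEB_CONFIG)
    for path in ("/bin/MyApp.dll", "/App_Theme/Default/Plugin.dll", "/binary/a.txt"):
        print(path, "hidden" if is_hidden(path, segs) else "served")
```

Hiding a whole theme folder also blocks the stylesheets and images in it, so check what else the folder serves before adding it as a segment.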
