Ensure remote debugging has been disabled for your production Web App

Ensure that your Azure Web App have remote debugging disabled in order to enhance security and protect the applications from unauthorized access. Remote Debugging feature is available for web applications (e.g. ASP.NET, ASP.NET Core, Node.js, Python).

Risk Level: High
Cloud Entity: Web Apps service
CloudGuard Rule ID: D9.AZU.NET.34
Covered by Spectral: Yes
Category: Compute

GSL LOGIC

WebApp should not have config.remoteDebuggingEnabled=true

REMEDIATION

Set Remote Debugging to False:

From CLI

az webapp config set --ids <function-app-id> --remote-debugging-enabled false

From TF

resource "azurerm_linux_web_app" "example" {
	site_config {
		-   remote_debugging = false
		+   remote_debugging = true
	}
}

Web Apps service

Azure App Service is an HTTP-based service for hosting web applications, REST APIs, and mobile back ends. You can develop in your favorite language, be it .NET, .NET Core, Java, Ruby, Node.js, PHP, or Python. Applications run and scale with ease on both Windows and Linux-based environments.

Compliance Frameworks

  • Azure CloudGuard Best Practices
  • Azure HITRUST v9.5.0
  • Azure Security Risk Management
  • CloudGuard Azure All Rules Ruleset