none
Closing VS remote debugging ports for Azure Web Apps RRS feed

  • Question

  • Hi -

    Our production-like environment (S1 - small) on Azure North Europre region hosts some API/Azure Web Apps. We recently completed a security audit and one of the findings was that Visual Studio Remote Debugging ports (4016, 4018 & 4020) are open. We would like to fix this immediately. We do not publish from VS Studio directly to this environment - we have a staging slot and we swap out the deployment from there. However, we might have published directly once in the past (can't be sure). The remote debugging setting in the application settings blade for this API node is most definitely set to OFF. Please advice. Our VS Stusio version is 14.0.25431.01 Update 3 VS Enterprise 2015.

    BR/Deepak

    Friday, November 11, 2016 11:28 AM

All replies

  • Hi,

    You cannot close these ports as Azure Web Apps are multi tenant environment by design.

    Description of these ports is available here:
    https://azure.microsoft.com/en-us/documentation/articles/app-service-app-service-environment-control-inbound-traffic/ 
    In case App Service Environment you can actually block some of them at the VNET level.

    • 4016: Used for remote debugging with Visual Studio 2012. This port can be safely blocked if the feature is not being used.
    • 4018: Used for remote debugging with Visual Studio 2013. This port can be safely blocked if the feature is not being used.
    • 4020: Used for remote debugging with Visual Studio 2015. This port can be safely blocked if the feature is not being used.

    Regards,
    Azam Khan

    Friday, November 11, 2016 6:20 PM