Use a newer PHP runtime version#
Security · App Service · 2020_12
Configure applications to use newer PHP runtime versions.
Description#
Within a App Service app, the version of PHP runtime used to run application/ site code is configurable. Older versions of PHP may not use the latest security features.
Recommendation#
Consider updating the site to use a newer PHP runtime version such as 7.4
.
Examples#
Configure with Azure template#
To deploy App Services that pass this rule:
- Set
properties.siteConfig.phpVersion
to a minimum of7.0
.
For example:
Azure Template snippet
{
"type": "Microsoft.Web/sites",
"apiVersion": "2021-03-01",
"name": "[parameters('name')]",
"location": "[parameters('location')]",
"identity": {
"type": "SystemAssigned"
},
"kind": "web",
"properties": {
"serverFarmId": "[resourceId('Microsoft.Web/serverfarms', parameters('planName'))]",
"httpsOnly": true,
"siteConfig": {
"alwaysOn": true,
"minTlsVersion": "1.2",
"ftpsState": "FtpsOnly",
"remoteDebuggingEnabled": false,
"http20Enabled": true,
"netFrameworkVersion": "OFF",
"phpVersion": "7.4"
}
},
"tags": "[parameters('tags')]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', parameters('planName'))]"
]
}
Configure with Bicep#
To deploy App Services that pass this rule:
- Set
properties.siteConfig.phpVersion
to a minimum of7.0
.
For example:
Azure Bicep snippet
resource webAppPHP 'Microsoft.Web/sites@2021-03-01' = {
name: name
location: location
identity: {
type: 'SystemAssigned'
}
kind: 'web'
properties: {
serverFarmId: plan.id
httpsOnly: true
siteConfig: {
alwaysOn: true
minTlsVersion: '1.2'
ftpsState: 'FtpsOnly'
remoteDebuggingEnabled: false
http20Enabled: true
netFrameworkVersion: 'OFF'
phpVersion: '7.4'
}
}
tags: tags
}
Links#
Last update:
2022-12-03