Pattern: Disabled Azure App Service detailed error messages
Issue: -
Copies of the .htm error pages that would have been sent to the client browser. For security reasons, detailed error pages shouldn't be sent to clients in production, but App Service can save the error page each time an application error occurs that has HTTP code 400 or greater. The page may contain information that can help determine why the server returns the error code.
Resolution: enable detailed_error_messages_enabled.
Example of incorrect code:
resource "azurerm_app_service" "bad_example" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
}Example of correct code:
resource "azurerm_app_service" "good_example" {
name = "example-app-service"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
logs {
detailed_error_messages_enabled = true
}
}