PUT /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/slots/{slot}/config/web/?api-version=2023-01-01

Name of the app.

Name of the deployment slot. If a slot is not specified, the API will update configuration for the production slot.

Your Azure subscription ID. This is a GUID-formatted string (e.g. 00000000-0000-0000-0000-000000000000).

Name of the resource group to which the resource belongs.

Default value: "application/json"

Resource Id.

Resource Name.

Configuration of an App Service app.

Linux App Framework and version

ScmMinTlsVersion: configures the minimum version of TLS required for SSL requests for SCM site

Possible values:

• "1.1"
• "1.0"
• "1.2"

true if remote debugging is enabled; otherwise, false.

Information about the formal API definition for the app.

The URL of the API definition.

.NET Framework version.

Default value: "v4.6"

Application metadata. This property cannot be retrieved, since it may contain secrets.

Pair name.

Pair value.

Java container version.

Tracing options.

Cross-Origin Resource Sharing (CORS) settings for the app.

Gets or sets the list of origins that should be allowed to make cross-origin calls (for example: http://example.com:12345). Use "*" to allow all.

Gets or sets whether CORS requests with credentials are allowed. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Requests_with_credentials for more details.

Version of Python.

Number of preWarmed instances. This setting only applies to the Consumption and Elastic Plans

true if detailed error logging is enabled; otherwise, false.

App command line to launch.

true if request tracing is enabled; otherwise, false.

The number of private ports assigned to this app. These will be assigned dynamically on runtime.

Virtual applications.

Physical path.

Virtual path.

true if preloading is enabled; otherwise, false.

Virtual directories for virtual application.

Physical path.

Path to virtual application.

true if Auto Heal is enabled; otherwise, false.

Identity to use for Key Vault Reference authentication.

Publishing user name.

IP security restrictions for scm to use main.

Connection strings.

Name of connection string.

Type of database.

Possible values:

• "ApiHub"
• "PostgreSQL"
• "Custom"
• "NotificationHub"
• "EventHub"
• "DocDb"
• "RedisCache"
• "MySql"
• "SQLAzure"
• "ServiceBus"
• "SQLServer"

Connection string value.

Virtual Network name.

true if HTTP logging is enabled; otherwise, false.

Azure API management (APIM) configuration linked to the app.

APIM-Api Identifier.

Health check path

If using user managed identity, the user managed identity ClientId

Version of PHP.

IP security restrictions for scm.

Priority of IP restriction rule.

Virtual network resource id

(internal) Subnet traffic tag

IP restriction rule name.

Allow or Deny access for this IP range.

IP restriction rule description.

IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.

(internal) Vnet traffic tag

Subnet mask for the range of IP addresses the restriction is valid for.

IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..

• If the property is null or empty (default), all hosts(or lack of) are allowed.
• A value is compared using ordinal-ignore-case (excluding port number).
• Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com
• Unicode host names are allowed but are converted to Punycode for matching.

X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..

• If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed.
• If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property.

X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.

Defines what this IP filter will be used for. This is to support IP filtering on proxies.

Possible values:

• "XffProxy"
• "Default"
• "ServiceTag"

MachineKey of an app.

Validation key.

Algorithm used for decryption.

MachineKey validation.

Decryption key.

Property to allow or block all public traffic.

Java container.

Gets or sets a value indicating whether functions runtime scale monitoring is enabled. When enabled, the ScaleController will not monitor event sources directly, but will instead call to the runtime to get scale status.

Version of Node.js.

Flag to use Managed Identity Creds for ACR pull

Site load balancing.

Possible values:

• "RequestHash"
• "LeastResponseTime"
• "LeastRequests"
• "WeightedRoundRobin"
• "PerSiteRoundRobin"
• "WeightedTotalTraffic"

Virtual Network Route All enabled. This causes all outbound traffic to have Virtual Network Security Groups and User Defined Routes applied.

true to enable local MySQL; otherwise, false.

Default value: false

Push settings for the App.

Resource Id.

Resource Name.

PushSettings resource specific properties

Gets or sets a flag indicating whether the Push endpoint is enabled.

Gets or sets a JSON string containing a list of dynamic tags that will be evaluated from user claims in the push registration endpoint.

Gets or sets a JSON string containing a list of tags that are whitelisted for use by the push registration endpoint.

Gets or sets a JSON string containing a list of tags that require user authentication to be used in the push registration endpoint. Tags can consist of alphanumeric characters and the following: '_', '@', '#', '.', ':', '-'. Validation should be performed at the PushRequestHandler.

Resource type.

Kind of resource.

Auto-swap slot name.

Document root.

State of FTP / FTPS service

Possible values:

• "FtpsOnly"
• "Disabled"
• "AllAllowed"

true if WebSocket is enabled; otherwise, false.

Http20Enabled: configures a web site to allow clients to connect over http2.0

Default value: true

Metric limits set on an app.

Maximum allowed disk size usage in MB.

Maximum allowed memory usage in MB.

Maximum allowed CPU usage percentage.

Maximum number of workers that a site can scale out to. This setting only applies to the Consumption and Elastic Premium Plans

Version of PowerShell.

Managed pipeline mode.

Possible values:

• "Integrated"
• "Classic"

The minimum strength TLS cipher suite allowed for an application

Possible values:

• "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
• "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
• "TLS_AES_256_GCM_SHA384"
• "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
• "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
• "TLS_RSA_WITH_AES_128_CBC_SHA256"
• "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
• "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
• "TLS_RSA_WITH_AES_256_GCM_SHA384"
• "TLS_RSA_WITH_AES_256_CBC_SHA256"
• "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
• "TLS_AES_128_GCM_SHA256"
• "TLS_RSA_WITH_AES_256_CBC_SHA"
• "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"
• "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
• "TLS_RSA_WITH_AES_128_GCM_SHA256"
• "TLS_RSA_WITH_AES_128_CBC_SHA"

Number of minimum instance count for a site This setting only applies to the Elastic Plans

Application settings.

Pair name.

Pair value.

true if Always On is enabled; otherwise, false.

Rules that can be defined for auto-heal.

Actions which to take by the auto-heal module when a rule is triggered.

Predefined action to be taken.

Possible values:

• "CustomAction"
• "Recycle"
• "LogEvent"

Minimum time the process must execute before taking the action

Custom action to be executed when an auto heal rule is triggered.

Executable to be run.

Parameters for the executable.

Triggers for auto-heal.

Trigger based on request execution time.

Request Count.

Time taken.

Time interval.

Request Path.

Trigger based on total requests.

Request Count.

Time interval.

A rule based on status codes ranges.

Request Count.

Time interval.

HTTP status code.

A rule based on private bytes.

A rule based on status codes.

Request Count.

HTTP status code.

Request Sub Status.

Time interval.

Win32 error code.

Request Path

A rule based on multiple Slow Requests Rule with path

Request Count.

Time taken.

Time interval.

Request Path.

Xenon App Framework and version

Remote debugging version.

Default action for main access restriction if no rules are matched.

Possible values:

• "Deny"
• "Allow"

Routing rules in production experiments.

List of ramp-up rules.

Hostname of a slot to which the traffic will be redirected if decided to. E.g. myapp-stage.azurewebsites.net.

Custom decision algorithm can be provided in TiPCallback site extension which URL can be specified. See TiPCallback site extension for the scaffold and contracts. https://www.siteextensions.net/packages/TiPCallback/

Name of the routing rule. The recommended name would be to point to the slot which will receive the traffic in the experiment.

Specifies interval in minutes to reevaluate ReroutePercentage.

Specifies upper boundary below which ReroutePercentage will stay.

Percentage of the traffic which will be redirected to ActionHostName.

Specifies lower boundary above which ReroutePercentage will stay.

In auto ramp up scenario this is the step to add/remove from ReroutePercentage until it reaches \nMinReroutePercentage or MaxReroutePercentage. Site metrics are checked every N minutes specified in ChangeIntervalInMinutes.\nCustom decision algorithm can be provided in TiPCallback site extension which URL can be specified in ChangeDecisionCallbackUrl.

Java version.

HTTP logs directory size limit.

Default action for scm access restriction if no rules are matched.

Possible values:

• "Deny"
• "Allow"

Sets the time zone a site uses for generating timestamps. Compatible with Linux and Windows App Service. Setting the WEBSITE_TIME_ZONE app setting takes precedence over this config. For Linux, expects tz database values https://www.iana.org/time-zones (for a quick reference see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). For Windows, expects one of the time zones listed under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones

Default documents.

Number of workers.

Maximum number of workers that a site can scale out to. This setting only applies to apps in plans where ElasticScaleEnabled is true

SCM type.

Possible values:

• "VSTSRM"
• "CodePlexHg"
• "Tfs"
• "BitbucketHg"
• "Dropbox"
• "GitHub"
• "OneDrive"
• "None"
• "ExternalGit"
• "LocalGit"
• "BitbucketGit"
• "ExternalHg"
• "VSO"
• "CodePlexGit"

Managed Service Identity Id

true to use 32-bit worker process; otherwise, false.

Request tracing expiration time.

Handler mappings.

Command-line arguments to be passed to the script processor.

Requests with this extension will be handled using the specified FastCGI application.

The absolute path to the FastCGI application.

List of Azure Storage Accounts.

Azure Files or Blob Storage access information value for dictionary storage.

Name of the storage account.

Type of storage.

Possible values:

• "AzureFiles"
• "AzureBlob"

State of the storage account.

Possible values:

• "Ok"
• "NotValidated"
• "InvalidCredentials"
• "InvalidShare"

Name of the file share (container name, for Blob storage).

Access key for the storage account.

Path to mount the storage within the site's runtime environment.

Explicit Managed Service Identity Id

MinTlsVersion: configures the minimum version of TLS required for SSL requests

Possible values:

• "1.1"
• "1.0"
• "1.2"

IP security restrictions for main.

Priority of IP restriction rule.

Virtual network resource id

(internal) Subnet traffic tag

IP restriction rule name.

Allow or Deny access for this IP range.

IP restriction rule description.

IP address the security restriction is valid for. It can be in form of pure ipv4 address (required SubnetMask property) or CIDR notation such as ipv4/mask (leading bit match). For CIDR, SubnetMask property must not be specified.

(internal) Vnet traffic tag

Subnet mask for the range of IP addresses the restriction is valid for.

IP restriction rule headers. X-Forwarded-Host (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-Host#Examples). The matching logic is ..

• If the property is null or empty (default), all hosts(or lack of) are allowed.
• A value is compared using ordinal-ignore-case (excluding port number).
• Subdomain wildcards are permitted but don't match the root domain. For example, *.contoso.com matches the subdomain foo.contoso.com but not the root domain contoso.com or multi-level foo.bar.contoso.com
• Unicode host names are allowed but are converted to Punycode for matching.

X-Forwarded-For (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Forwarded-For#Examples). The matching logic is ..

• If the property is null or empty (default), any forwarded-for chains (or lack of) are allowed.
• If any address (excluding port number) in the chain (comma separated) matches the CIDR defined by the property.

X-Azure-FDID and X-FD-HealthProbe. The matching logic is exact match.

Defines what this IP filter will be used for. This is to support IP filtering on proxies.

Possible values:

• "XffProxy"
• "Default"
• "ServiceTag"

Resource type.

Kind of resource.