Description:

This control ensures that HTTP request and response logs are enabled for Azure App Services to capture web server activity. HTTP logs help administrators monitor traffic patterns, diagnose issues, detect suspicious behavior, and support auditing and forensic analysis.


Rationale:

HTTP logs provide visibility into application access and errors. Without them, troubleshooting incidents, detecting abuse, or performing investigations becomes difficult. Enabling logs ensures traceability and supports security monitoring and operational troubleshooting.


Impact:

Enabling HTTP logs may increase storage usage and generate additional data. There is no performance impact on the application, but log retention policies should be configured to control storage cost and volume.


Test Plan:

  1. Sign in to the Azure Portal.

  2. Go to App Services.

  3. Select the Web App you want to audit.

  4. On the left pane under Monitoring, click on Diagnostic settings.

  5. Check that diagnostic settings are enabled for HTTP.

  6. If not enabled, follow the implementation steps



Implementation Steps:

  1. Sign in to the Azure portal:  https://portal.azure.com

  2. Search for the App Services and select the app services.

  3. On the left pane under the monitoring section, click on Diagnostic settings.

                                      


  1. Click on Add diagnostic settings.

  2. Provide a meaningful name for the diagnostic settings. 

  3. Under Log categories, select HTTP, and under Destination details, choose the storage account or log analytics workspace where you want the logs to be stored.

  


     

   


  1. Save the changes.

 

Backout Plan:

  1. Log in to Azure Portal: https://portal.azure.com

  2. Search and select App Services from the portal menu.

  3. Click the App Service where HTTP logs were enabled.

  4. Go to Monitoring and select diagnostic settings, and select the diagnostic settings for HTTP.


References: