Geek Answers Handbook

Azure web application redirects http to https

I use Azure cloud with a web application and my server side written in nodejs . When the web application receives an HTTP request, I want to redirect the request to https. I found a solution. I put this in my web.config file inside the rules tag

  <rule name="Force HTTPS" enabled="true"> <match url="(.*)" ignoreCase="false" /> <conditions> <add input="{HTTPS}" pattern="off" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="false" redirectType="Permanent" /> </rule>

The problem is that when I type in the browser " https://myURL.com , it redirects everything to the main screen, but when I change https to http" http://myURL.com , it redirects to https: // myURL.com/ "and add the URL" bin / www "according to what the URL looks like this: http://myURL.com/bin/www ", the answer is: the page was not found.

The question is, how do I redirect a clear URL without adding data to the URL?

Part of my web.config file:

 <rewrite> <rules> <!-- Do not interfere with requests for node-inspector debugging --> <rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true"> <match url="^bin/www\/debug[\/]?" /> </rule> <!-- First we consider whether the incoming URL matches a physical file in the /public folder --> <rule name="StaticContent"> <action type="Rewrite" url="public{REQUEST_URI}" /> </rule> <!-- All other URLs are mapped to the node.js site entry point --> <rule name="DynamicContent"> <conditions> <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True" /> </conditions> <action type="Rewrite" url="bin/www" /> </rule> <!-- Redirect all traffic to SSL --> <rule name="Force HTTPS" enabled="true"> <match url="(.*)" ignoreCase="false" /> <conditions> <add input="{HTTPS}" pattern="off" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="false" redirectType="Permanent" /> </rule> </rules> </rewrite> <!-- 'bin' directory has no special meaning in node.js and apps can be placed in it --> <security> <requestFiltering> <hiddenSegments> <remove segment="bin" /> </hiddenSegments> </requestFiltering> </security>

Thanks for the answers, Michael.

+6
source share
3 answers

There is also a free and open extension for this.

  • Go to the web application settings sidebar, find the "Extensions" tab and click "Add."

Extension tab

  1. Scroll down and find the extension Redirect HTTP to HTTPS by gregjhogan.

Add extension

  1. Accept the terms.

Accept Terms

  1. Restart the web application for the action to take effect immediately.

  2. Done!

For more information on implementing this extension, check out the source code on GitHub . The most important source file is applicationhost.xdt .

Quote from GitHub ( 02-08-2017 ) (loans go to gregjhogan):

applicationhost.xdt

 <?xml version="1.0"?> <configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform"> <location path="%XDT_SITENAME%" xdt:Transform="InsertIfMissing" xdt:Locator="Match(path)"> <system.webServer xdt:Transform="InsertIfMissing"> <rewrite xdt:Transform="InsertIfMissing"> <rules xdt:Transform="InsertIfMissing" lockElements="clear"> <rule name="redirect HTTP to HTTPS" enabled="true" stopProcessing="true" lockItem="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="off" ignoreCase="true" /> <add input="{WARMUP_REQUEST}" pattern="1" negate="true" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" /> </rule> </rules> </rewrite> </system.webServer> </location> </configuration>
+5
source

R: 1 is a back link to a rule template. You add this to the url here:

 url="https://{HTTP_HOST}/{R:1}"

changing it to

 url="https://{HTTP_HOST}"

should lead to a redirect to the https root.

+3
source

As of November 2017, this is now a simple switch on the Azure Portal: “HTTPS only” in the “User Domains” section.

https://blogs.msdn.microsoft.com/benjaminperkins/2017/11/30/how-to-make-an-azure-app-service-https-only/

ARM is also very easy: "httpsOnly": true

0
source

More articles:


All Articles