Forward http to https in Azure

Question

We have a deployment on Azure with a Web Role that uses https. Since this is the only way we would like our users to access the system, we want to forward users that visit the http version to the https version.

We have tried the recommendations here.

Namely, we added the following to our web.config:

<system.webServer>
<rewrite>
  <rules>
    <rule name="HTTP to HTTPS redirect" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
      </conditions>
      <action type="Redirect" redirectType="Found" url="https://{HTTP_HOST}/{R:1}" />
    </rule>
  </rules>
</rewrite>

However, this doesn't seem to work. Does anybody have any idea how to accomplish this? It seems like it would be a common request...

To get my static angular site working with HTTPS, I use (*) instead of (.*) and I have a catchall that redirects to index.html, and I removed all my default documents under Application Settings. — Rusty Rob, Aug 24 '17 at 04:36

Kevin Cloet · Accepted Answer · 2015-04-22T13:25:08.573

22

Smarx just made a blog post about this a couple of minutes again ;)

http://blog.smarx.com/posts/redirecting-to-https-in-windows-azure-two-methods

In case the site goes down here is a summary:

IIS URL Rewrite

If you’re not using ASP.NET MVC but are using IIS (as in a web role), you can use the URL Rewrite module, which is installed by default. Using this module to redirect to HTTPS is fairly trivial and documented elsewhere, but getting everything to work properly in the local compute emulator is non-trivial. In particular, most examples you’ll find assume that HTTP traffic will always be on port 80, which isn’t always the case when testing under the compute emulator. Here’s a rule that seems to work locally and in the cloud:

<system.webServer>
  <rewrite>
    <rules>
      <rule name="Redirect to HTTPS">
        <match url="(.*)" />
        <conditions>
          <add input="{HTTPS}" pattern="off" ignoreCase="true" />
          <add input="{URL}" pattern="/$" negate="true" />
          <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
        </conditions>
        <action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="SeeOther" />
      </rule>
    </rules>
  </rewrite>

edited Apr 22 '15 at 13:25

answered Aug 10 '11 at 21:39

Kevin Cloet

2,956
1
19
36

3

I sure did. :-) I'll add to that thread, too... using {SERVER_NAME} instead of {HTTP_HOST} improves the experience on the compute emulator (since the original port is rarely 80, so you end up with weird things like `https://foo:81`, which doesn't work). – user94559 Aug 11 '11 at 02:56
1

I tried adding the rule in the config but it is not working. Is this method still working with the current azure environment? – Marcom Oct 15 '12 at 13:52
1

Hey, this is a [link only answer](http://stackoverflow.com/help/how-to-answer), can you pull the highlights into your answer so we dont lose it if the remote site goes down? – undefined Apr 22 '15 at 03:21
@LukeMcGregor Added the essentials into the answer it self. – Kevin Cloet Apr 22 '15 at 13:25
The only comment I have is that for the local development this config is not perfect still, since it looses the port and has no way to guess a new port. I moved this rule to Web.Release.config and added xdt:Transform="Insert" rule to it. Please also note the sample above has root url redirect disabled. – Alex Sorokoletov Sep 19 '16 at 02:49
@AlexSorokoletov Replace `{SERVER_NAME}` with `{HTTP_HOST}`, but keep in mind that HTTPS is rarely hosted on the same port as HTTP. – wizzwizz4 Dec 02 '17 at 12:53

score 6 · Answer 2 · edited May 23 '17 at 10:30

Just adding to Kevin Cloet's answer to Smarx's blog. To set RequireHttps attribute only in Release mode, you can use HttpContext.Current.IsDebuggingEnabled

    public static void RegisterGlobalFilters(GlobalFilterCollection filters) {

        if (!HttpContext.Current.IsDebuggingEnabled) {
            filters.Add(new RequireHttpsAttribute());
        }
    }

Please refer to this link: https://stackoverflow.com/a/27324439/1933168

score 3 · Answer 3 · answered Jul 10 '15 at 18:58

Adding to the answers already mentioned here. This is obvious once you think about it but wasn't to me when I first read this post.

You do have to ensure you are opening up port 80 and binding it to your site via your ServiceDefinition file for this to work.

Sample entries look like:

   <Sites>
      <Site name="Web" physicalDirectory=".\SitesRoot">
        <VirtualDirectory name="www" physicalDirectory=".\SitesRoot\dist" />
        <Bindings>
          <Binding name="HttpsEndpoint" endpointName="HttpsEndpoint" />
          <Binding name="HttpEndpoint" endpointName="HttpEndpoint" />
        </Bindings>
      </Site>
    </Sites>

    <Endpoints>
      <InputEndpoint name="HttpsEndpoint" protocol="https" port="443" certificate="MY_SSL_CERT.pfx" />
      <InputEndpoint name="HttpEndpoint" protocol="http" port="80" />
    </Endpoints>

score 2 · Answer 4 · answered Aug 01 '17 at 05:30

2

The easiest way to do it is to install the Redirect HTTP to HTTPS extension.

To install it, open up your Web App from the Dashboard and click on the Extensions tab.

Search for Redirect HTTP to HTTPS and install it.

That's it. No setup or complicated config instructions

answered Aug 01 '17 at 05:30

The others are answers for IIS. This is the answer for Azure. – wizzwizz4 Dec 02 '17 at 13:22

Forward http to https in Azure

4 Answers4