Wednesday, June 6, 2018

Routing and forcing HTTP request and URL to HTTPS in Azure app service

If you have a REST server it is mandatory to have some standard security in place. The first and foremost security is connection to your REST services and APIs. Basic is make it HTTPS. Now as it is an web service usually it has HTTP on it. You can stop it by blocking the port 80 which is not OK in case you are doing scale up and scale down of your service. So what to chose?

Easy way is to use the web.conf  file in the Azure application services wwwroot directory as a place.
Just put the following texts on the wwwroot/web.conf file and restart the service.

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- BEGIN rule TAG FOR HTTPS REDIRECT -->
        <rule name="Force HTTPS" enabled="true">
          <match url="(.*)" ignoreCase="false" />
          <conditions>
            <add input="{HTTPS}" pattern="off" />
          </conditions>
          <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
        <!-- END rule TAG FOR HTTPS REDIRECT -->
      </rules>
    </rewrite>
  </system.webServer>
</configuration>

No comments:

Post a Comment