CODEWITHSUNDEEP
node.jsazureexpresssocket.ioazure-web-app-service
zdebyman
zdebyman

Reputation: 650

Forcing HTTPS requests in Node.js server on Azure websites

I have Node.js server deployed in IIS on Azure web sites and I want to block or redirect http requests. I use Express + socket.io in my server.

I found 2 ways to do that:

  1. in actual socket.io code by passing allowRequest parameter to socket.io. So my code will look like that :

    var checkRequest = function (req, fn) {
           fn(err, true);
    };

var ioOptions = {
            pingInterval: socketPingInterval,
            pingTimeout: socketPingTimeout,
            path: "/" + config.API_VERSION + "/socket.io",  
            allowRequest : checkRequest
    };

    _socketListener = io.listen(server, ioOptions);

The problem is that code never enters checkRequest method, and I don't know why.

  1. Add rule to web.config file. I checked several forums, and everybody says that if I add this code:

<rule name="RedirecttoHTTPS">
        <match url="(.*)" />
            <conditions>
                <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                <add input="{URL}" pattern="/$" negate="true" />
                <add input="{REQUEST_FILENAME}" matchType="IsFile" negate="true" />
            </conditions>
            <action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="SeeOther" />
</rule>

It will redirect my hpt requests to HTTPS. But it still works and I can access via HTTP.

What can I try next?

Upvotes: 0

Views: 142

Answers (2)

CurtisJD
CurtisJD

Reputation: 46

This worked for me with a Node web app in Azure...

https://stpdev.wordpress.com/2015/09/23/force-https-redirection-for-nodejs-apps-hosted-in-azure/

<rewrite>
    <rules>
        <rule name="Force HTTPS" enabled="true">
            <match url="(.*)" ignoreCase="false" />
            <conditions>
                <add input="{HTTPS}" pattern="off" />
            </conditions>
            <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
        </rule>
    </rules>
</rewrite>

Upvotes: 1

David Ebbo
David Ebbo

Reputation: 43183

Using Kudu Console, create an applicationhost.xdt file in your d:\home\site folder, containing the following:

  <rewrite xdt:Transform="InsertIfMissing">
    <rules xdt:Transform="InsertIfMissing">
      <rule name="Force HTTPS" enabled="true" stopProcessing="true">
        <match url="(.*)" ignoreCase="false" />
        <conditions>
          <add input="{HTTPS}" pattern="off" />
          <add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
        </conditions>
        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
      </rule>
    </rules>
  </rewrite>    
</system.webServer>

And remove whatever you added to your web.config. This should just work.

Upvotes: 2

Related Questions