Using URL Rewrite to work around Azure Application Gateway / web application http limitations

Question

I essentially have the same issue as desribed here Redirect HTTP to HTTPS in Azure Application Gateway but am trying to solve it a different way.

My back end web application works fine when both http and https are open on the AAG, however when you click on a link generated by the webapp to another page the url sent back to the client is for http not https. Obcviously the proper solution is to make the web app aware it is behind a reverse proxy and generate links accordingly. In the short term I have been attempting, and failing, to use the IIS url rewrite module to either:

a) Using an inbound rule, rewrite (not redirect) the incoming URLs as https which ought to force the responses to contain https urls (a redirect causes an infitite loop as AAG forwards everything to the back end web servers as http). I'm guessing this is impossible because its essentially creating a secure channel between itself.

b) Using an outbound rule, rewrite the responses so the urls are https instead of http. This is proving to be very difficult as I don't understand what parts of the responses I need to be modifying. I'm hoping this approach is possible though?

Answer 1

For the uninitiated, the answer is to use custom tags in an outbound rule, which match the html elements containing the values that need modifying.

The drawback is of course that it means the web server is having to do a patter match & replace on every single page it serves unless you can use conditions to limit the scope. Still very inefficient compared to fixing the code so it is proxy aware!