CODEWITHSUNDEEP
azurehttp-redirect
onTheInternet
onTheInternet

Reputation: 7253

Do I need anything besides code written in web.config to redirect website hosted on azure to https

I have a website that I host on azure. I recently bought an SSL and configured it. Now users can visit my site by typing in either http://example.com or https://example.com.

What I want is for users who type in the former to be automatically redirected to the latter while also keeping anything after the .com

So if a user types in http://example.com/about they will be redirected instead to https://example.com/about.

After some reading, I've come across this code that seems to do what I want

<system.webServer>
<rewrite>
<rules>
<rule name=”Redirect to https”>
<match url=”(.*)”/>
<conditions>
<add input=”{HTTPS}” pattern=”Off”/>
<add input=”{REQUEST_METHOD}” pattern=”^get$|^head$” />
</conditions>
<action type=”Redirect” url=”https://{HTTP_HOST}/{R:1}”/>
</rule>
</rules>
</rewrite>
</system.webServer>

But before I add this to my web.config file I have a few questions.

  1. What is the IIS url rewrite module? IIS Rewrite and is it required to be installed on my azure hosted websites before I upload my new web.config file.
  2. How can I also include removing www from my URL when a user enters it. For example if a user types in www.example.com they should be redirected to https://example.com instead. The reason that I want this is because in my google search console I've told google to display URLs as example.com rather then www.example.com
  3. and finally, will this code do what I'm looking for? Is there a more professional way to achieve this? What are the benefits. I should note that my sites are asp .net web forms. I know MVC has routing options but that is not an option for me.

Edit : I don't think How to force HTTPS using a web.config file solves my issue because I don't even know if I can install the URL Rewrite module since I am not hosting IIS myself. Does azure give you access to the IIS settings? I am unfamiliar with azure details.

Upvotes: 2

Views: 672

Answers (2)

Derrick
Derrick

Reputation: 1606

I would add one last thing. Assuming you are running on Azure Web Apps, they have various probes to your site for warm up and initialization. You probably don't want these probes to also be redirected, otherwise, you may have some issues when you restart or use Azure's swaps feature for stuff like blue/green deployments. These probes would then be return with a 301/302 rather than actually hitting your site (and Azure doesn't actually follow the redirect)

More examples https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples

    <rule name="Redirect to non-WWW" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTP_HOST}" pattern="www.example.com$" />
        <add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" /> <!-- IIS Application Initialization Warmup -->
        <add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" /> <!-- Azure WebApps Warmup Request -->
        <add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" /> <!-- Azure WebApps AlwaysOn Probes -->
      </conditions>
      <action type="Redirect" redirectType="Permanent" url="https://example.com/{R:1}" />
    </rule>

    <!-- Redirect to HTTPS Version -->
    <rule name="HTTP to HTTPS redirect" stopProcessing="true">
      <match url="(.*)" />
      <conditions>
        <add input="{HTTPS}" pattern="off" ignoreCase="true" />
        <add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" />
        <add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" />
        <add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" />
      </conditions>
      <action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
    </rule>

Upvotes: 0

juvchan
juvchan

Reputation: 6255

The Microsoft URL Rewrite Module for IIS enables IIS administrators to create powerful customized rules to map request URLs to friendly URLs that are easier for users to remember and easier for search engines to find.

This module is pre-installed for Azure Web App, as shown when inspect the applicationHost.config of the Azure Web App in Kudu.

Hence, you do not need to worry about the availability of the module for Azure Web App.

URL Rewrite Module in Azure Web App

The URL Rewrite configuration to enforce HTTPS redirection for Azure web app is the simplest way to achieve what you intend. Your above configuration will apply only if the request method is either HTTP GET or HTTP HEAD. The below configuration will not have such limitation.

<system.webServer>
    <rewrite>
        <rules>
            <rule name="Force HTTPS Redirection" enabled="true" stopProcessing="true">
                <match url="^$" ignoreCase="false"/>
                <conditions>
                    <add input="{HTTPS}" pattern="^OFF$"/>
                </conditions>
                <action type="Redirect" url="https://{HTTP_HOST}/" redirectType="Permanent"/>
            </rule>
        </rules>
    </rewrite>
</system.webServer>

Upvotes: 3

Related Questions