Reputation: 560
How to Disable HTTP to HTTPS Redirection on App Service?
How do I prevent an Azure App Service redirecting from HTTP to HTTPS after I create an HTTP Custom Domain to an App Service?
HTTPS Only is disabled Authentication is disabled as per How to remove Azure SSL binding?
Background: The App Service is fronted by an App Gateway which handles all the HTTPS traffic. The App Service re-writes headers and also Set-Cookie. There is a bug / limitation as per https://learn.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers: "If a response has more than one header with the same name, then rewriting the value of one of those headers will result in dropping the other headers in the response. This can usually happen with Set-Cookie header since you can have more than one Set-Cookie header in a response." We are encumbered by this limitation. This means that we cannot use the first workaround described here: https://learn.microsoft.com/en-us/azure/application-gateway/troubleshoot-app-service-redirection-app-service-url "Solution: Rewrite the location header". We are there forced to use the second solution instead which is essentially to pass the traffic through to the back end App Service as described in "Alternate solution: Use a custom domain name". The examples all use HTTP for the back end. We did try HTTPS as the back end but that requires the deployment (we use Azure Devops) to push the cert to the App Service as well as the App Gateway, something that would seem to be a lot of effort for a simple requirement - especially as all the Microsoft examples use HTTP at the back end if there is an App Gateway protecting it.
This is all a stop-gap until the Application Gateway is able to handle multiple Set-Cookie rewrites corrrectly.
Upvotes: 2
Views: 2676
Answers (2)
Reputation: 560
As well as disabling forced HTTPS in the App Service, a second thing was required:
app.UseHttpsRedirection(); had been set in the Startup.cs file.
This forces the redirection in code independently of the App Service setting. Commenting it out disabled the redirection, solving the problem.
Upvotes: 6
Reputation: 21883
I think the permanent 301 returned from the azure website when HTTPS only was ON for a while and you can test your site with the setting enabled.
Disabling the cache in Chrome DEV tools and explicitly calling the url with http again then works just fine for me.
For more details, u can see the post.
The above answers are endorsed by the initiator of the post and the answerers, and I hope it will be useful to you.
Upvotes: 3
Related Questions
- Azure web app redirect http to https
- How to disable HTTPS redirection in Azure Website
- Redirect HTTP to HTTPS in Azure Application Gateway
- HTTPS redirect works locally but not on azure
- Is it possible to disable HTTP on an azure app service, not just redirect it to HTTPS
- Azure Web App - redirect all traffic from http to https
- Azure web app automatically redirect from Http to Https
- Redirect from https to http in Azure Web App service
- web.config redirect to https with 301 status code
- Azure forcing https for no reason?