I'm setting up an API on Azure as a web service. I want it to force HTTPS for all the HTTP verbs (GET, POST, DELETE, etc.)
The blog post here tells to add a rule in the web.config file (towards the bottom of the blog post, it's quite lengthy.) Here is the rule:
<!-- BEGIN rule TAG FOR HTTPS REDIRECT -->
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
<!-- END rule TAG FOR HTTPS REDIRECT -->
I tried doing that and it works okay for GET requests. However, when I try for POST requests, the web service now somehow interprets that request as GET request.
Any pointers on how to set up the rule for remaining verbs as well?
GETs are enabled by default,
you have to enable the other http verbs.
Shortest Version is the "Enable HTTP Verbs" section in the
azure cheat sheet:
http://microsoftazurewebsitescheatsheet.info
Related
I have a website on an EC2 service from AWS. The web domain was purchased on Namecheap with SSL protection. I was investigating how to activate this ssl protection. The first thing I did was to generate the CSR code from my EC2 instance. Then I went to Namecheap to use this code and activate the SSL Protection. I complete the DCV validation using the "HTTP-based validation". Now in my Namecheap main panel the SSL certificate says to be active. But when wanting to go to my website, it still does not appear. Is there something I need to do? Thank you all for your time!
Yes, you will need to install the certificate and private key on your web server. You will also need to setup / enable HTTPS on your web server.
https://www.namecheap.com/support/knowledgebase/article.aspx/795/14/how-to-install-ssl-certificates
I can't understand your question clearly but try this and see if it helps - add this to your web config file
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>
I have my website in Azure named
djangoproj.azurewebsites.net
When I request homepage it goes to http://djangoproj.azurewebsites.net. I know all projects in azure are SSL protected and when i type https://djangoproj.azurewebsites.net, it works fine ! I can access the site via https. But how do i make it to default https in azure? because when i call the homepage, it gives http response by default until i forcibly specify https.
How do i make default https in azurewebsite ?
The setting SECURE_SSL_REDIRECT will redirect all traffic to https when set to True.
Relevent section in the docs
In your web.config (for example, web.3.4.config in your repository root), append the following rule to the rules section:
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
I have this in production on a django 1.9 app on Azure App service.
I am using the IIS URL Rewrite module on a Windows 2012 server. I only want to add a canonical www rule if a subdomain is missing (or an exact match on 'example.com').
The problem is the ready-made Canonical rewrite rule IIS creates rewrites all traffic (*) for all subdomains to www.
<rule name="CanonicalHostNameRule1">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="^www\.example\.com$" negate="true" />
</conditions>
<action type="Redirect" url="http://www.example.com/{R:1}" />
</rule>
The problem is that I have multiple subdomains / applications under one site (and therefore one web.config).
I want
example.com
to go to
www.example.com
but to leave these and any other subdomain alone:
secure.example.com
profile.example.com
Do I need a more specific match regex or pattern?
More specifically, the secure subdomain uses https and a better encryption certificate.
You're looking for everything that is not www.example.com. And that includes all other sub-domains.
Let's have a look at your condition:
<add input="{HTTP_HOST}" pattern="^www\.example\.com$" negate="true" />
If www.example.com comes in --> match = true --> negate --> false --> nothing is changed (as you want)
If example.com comes in --> match = false --> negate --> true --> URL gets redirected (as you want)
If foo.example.com comes in --> match = false --> negate --> true --> URL get redirected (as you don't want)
To fix this, try this configuration:
<rule name="Redirect to www" stopProcessing="true">
<match url="(.*)" />
<conditions trackAllCaptures="true">
<add input="{CACHE_URL}" pattern="^(.+)://" />
<add input="{HTTP_HOST}" pattern="^example\.com$" />
</conditions>
<action type="Redirect" url="{C:1}://www.example.com/{R:1}" />
</rule>
The C:1 part is for the protocol (http and https).
Found here.
This regex is better:
^(w{3}\.)?\w+\.com/
This regex will give you the option to get url with and without the www. and the / at the end, but still wont math a subdomain.
I have an IIS Site with Rewrite Rule to redirect all requests to HTTPS.
I have a internal web service which works with HTTP but rewrite rule modify "http" request to a "https". When happens is the web service returns an error "Object Moved". I tried use "AllowAutoRedirect" with true value but it doesn't work.
How to create a EXCEPT Rewrite Rule to access this web service? how to make web service work with HTTPS protocol?
One way is to add the rule before the "global redirect" and make sure to use stopProcessing="true" so that the next rule is not executed, for example the following rule will allow HTTP only on requests to the segment "foo/", everything else will redirect to SSL:
<rewrite>
<rules>
<rule name="Allow requests to the folder foo over non-https" stopProcessing="true">
<match url="^foo/.*" />
<action type="None" />
</rule>
<!-- Else redirect ALL request to HTTPS -->
<rule name="Redirect to https">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="Off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>
My website was accessible by both HTTP and HTTPS until the SEO gents said we should go with one or the other (to avoid duplicate content). We've implemented an HTTPS -> HTTP redirect for all content on the site to do this which was set up via the web.config file.
However, now I need to open access of one file to HTTPS to load it properly in an HTTPS environment. Any assistance would be awesome.
Here is the redirect code:
<rule name="Redirect HTTPS to HTTP" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^on$" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>
Edit: After thinking about it a bit more, what if I just wanted to allow images (.jpg, .gif, .png) to be accessed via HTTPS? I suppose what I'd need then is an inverse regex. like: match url="!((.jpg)(.gif)(.png))"
solved by adding a rule that didn't redirect to HTTP for .jpg files:
<rule name="allow jpg to use https" stopProcessing="true">
<match url="(.*)(jpg)" />
<conditions>
<add input="{HTTPS}" pattern="^on$" ignoreCase="true"/>
</conditions>
</rule>