How to make my azure django project https? - django

I have my website in Azure named
djangoproj.azurewebsites.net
When I request homepage it goes to http://djangoproj.azurewebsites.net. I know all projects in azure are SSL protected and when i type https://djangoproj.azurewebsites.net, it works fine ! I can access the site via https. But how do i make it to default https in azure? because when i call the homepage, it gives http response by default until i forcibly specify https.
How do i make default https in azurewebsite ?

The setting SECURE_SSL_REDIRECT will redirect all traffic to https when set to True.
Relevent section in the docs

In your web.config (for example, web.3.4.config in your repository root), append the following rule to the rules section:
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
I have this in production on a django 1.9 app on Azure App service.

Related

Activate SSL Namecheap with EC2 Server

I have a website on an EC2 service from AWS. The web domain was purchased on Namecheap with SSL protection. I was investigating how to activate this ssl protection. The first thing I did was to generate the CSR code from my EC2 instance. Then I went to Namecheap to use this code and activate the SSL Protection. I complete the DCV validation using the "HTTP-based validation". Now in my Namecheap main panel the SSL certificate says to be active. But when wanting to go to my website, it still does not appear. Is there something I need to do? Thank you all for your time!
Yes, you will need to install the certificate and private key on your web server. You will also need to setup / enable HTTPS on your web server.
https://www.namecheap.com/support/knowledgebase/article.aspx/795/14/how-to-install-ssl-certificates
I can't understand your question clearly but try this and see if it helps - add this to your web config file
<system.webServer>
<rewrite>
<rules>
<clear />
<rule name="Redirect to https" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}"
redirectType="Permanent" appendQueryString="false" />
</rule>
</rules>
</rewrite>
</system.webServer>

Force HTTPS redirection on Azure web service (API)

I'm setting up an API on Azure as a web service. I want it to force HTTPS for all the HTTP verbs (GET, POST, DELETE, etc.)
The blog post here tells to add a rule in the web.config file (towards the bottom of the blog post, it's quite lengthy.) Here is the rule:
<!-- BEGIN rule TAG FOR HTTPS REDIRECT -->
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
<!-- END rule TAG FOR HTTPS REDIRECT -->
I tried doing that and it works okay for GET requests. However, when I try for POST requests, the web service now somehow interprets that request as GET request.
Any pointers on how to set up the rule for remaining verbs as well?
GETs are enabled by default,
you have to enable the other http verbs.
Shortest Version is the "Enable HTTP Verbs" section in the
azure cheat sheet:
http://microsoftazurewebsitescheatsheet.info

How to create a EXCEPT Rewrite Rule at IIS

I have an IIS Site with Rewrite Rule to redirect all requests to HTTPS.
I have a internal web service which works with HTTP but rewrite rule modify "http" request to a "https". When happens is the web service returns an error "Object Moved". I tried use "AllowAutoRedirect" with true value but it doesn't work.
How to create a EXCEPT Rewrite Rule to access this web service? how to make web service work with HTTPS protocol?
One way is to add the rule before the "global redirect" and make sure to use stopProcessing="true" so that the next rule is not executed, for example the following rule will allow HTTP only on requests to the segment "foo/", everything else will redirect to SSL:
<rewrite>
<rules>
<rule name="Allow requests to the folder foo over non-https" stopProcessing="true">
<match url="^foo/.*" />
<action type="None" />
</rule>
<!-- Else redirect ALL request to HTTPS -->
<rule name="Redirect to https">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="Off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" />
</rule>
</rules>
</rewrite>

allow https to a single file on site with https redirecting to http (via web.config)

My website was accessible by both HTTP and HTTPS until the SEO gents said we should go with one or the other (to avoid duplicate content). We've implemented an HTTPS -> HTTP redirect for all content on the site to do this which was set up via the web.config file.
However, now I need to open access of one file to HTTPS to load it properly in an HTTPS environment. Any assistance would be awesome.
Here is the redirect code:
<rule name="Redirect HTTPS to HTTP" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="^on$" ignoreCase="true"/>
</conditions>
<action type="Redirect" url="http://{HTTP_HOST}/{R:1}" redirectType="Found" />
</rule>
Edit: After thinking about it a bit more, what if I just wanted to allow images (.jpg, .gif, .png) to be accessed via HTTPS? I suppose what I'd need then is an inverse regex. like: match url="!((.jpg)(.gif)(.png))"
solved by adding a rule that didn't redirect to HTTP for .jpg files:
<rule name="allow jpg to use https" stopProcessing="true">
<match url="(.*)(jpg)" />
<conditions>
<add input="{HTTPS}" pattern="^on$" ignoreCase="true"/>
</conditions>
</rule>

URL Rewrite Redirect doesn't quite work

I am using URL Rewrite Rules in my WEB.CONFIG. I have the site set up in IIS. Just a very quick and simple site.
This is how my Web.config looks like.
<rule name="CTVNews Articles" stopProcessing="true">
<match url="(.*?)CTVNews(/?)(.*)" />
<action type="Redirect" url="http://www.ctvnews.ca{R:2}{R:3}" appendQueryString="true" redirectType="Permanent" />
</rule>
This is the entry in my default.aspx page that i want to redirect
a href="http://www.ctv.ca/CTVNews/TopStories/20110106/domtar-investment-110106">Click here to redirect
So, nothing fancy. But The redirect just doesnt work. And I think my entry in the web.config is correct.
Do I need to set up the host file at all for this?