Azure web app redirect http to https

azure azure-web-app-service

Go to Azure portal and open the overview page of the (Web) App Service you wanna set to HTTPS only. In the sidebar, under the Settings section, there is an option for TLS/SSL Settings.

On clicking it, you will get an option on the screen to set your app's protocol to HTTPS only. There isn't any need to manually add separate ruleset for this.

This works on every tier of App Service Plan including the 'F'-Series (free subscription).

TLS/SSL Settings Page

Note that, if you are adding any custom domain you also need to add corresponding SSL bindings, you can easily get them using LetsEncrypt or alike. If any of the custom hostnames for your app are missing SSL bindings, then:

When HTTPS Only is enabled clients accessing your app on those custom hostnames will see security warnings.

PS: I just saw that this question was asked about 3 years ago and that time maybe there was no direct option to do this. But even so, I'm posting my answer because on Google (as on February 2020) this question still ranks first among others regd. automatic HTTPS redirection in Azure.


As of November 2017, this is now a simple switch in the Azure Portal: "HTTPS Only", under Custom domains.

https://blogs.msdn.microsoft.com/benjaminperkins/2017/11/30/how-to-make-an-azure-app-service-https-only/

It's also very easy in ARM: “httpsOnly”: true


There is also a free and open source extension for this.

  1. Go to your Web App settings sidebar, search for the "Extensions" tab and click on "Add".

Extension Tab

  1. Scroll down and find the extension Redirect HTTP to HTTPS by gregjhogan.

Add Extension

  1. Accept the terms.

Accept Terms

  1. Restart the Web App for the actions to take effect immediately.

  2. Done !

For further details on the implementation of this extension, check the source code on GitHub. The most important source file is the applicationhost.xdt.

Quote from GitHub (02-08-2017) (credits go to gregjhogan):

applicationhost.xdt

<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
    <location path="%XDT_SITENAME%" xdt:Transform="InsertIfMissing" xdt:Locator="Match(path)">
        <system.webServer xdt:Transform="InsertIfMissing">
            <rewrite xdt:Transform="InsertIfMissing">
                <rules xdt:Transform="InsertIfMissing" lockElements="clear">
                    <rule name="redirect HTTP to HTTPS" enabled="true" stopProcessing="true" lockItem="true">
                        <match url="(.*)" />
                        <conditions>
                            <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                            <add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
                        </conditions>
                        <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
                    </rule>
                </rules>
            </rewrite>
        </system.webServer>
    </location>
</configuration>

R:1 is a back-reference to the rule pattern. You append that to the url here:

url="https://{HTTP_HOST}/{R:1}"

changing that into 

url="https://{HTTP_HOST}"

should result in a redirect to the https root.

Related

How to create one row per id per month?
add new column based on two other columns with several conditions, character
How to check that a string is equal to one of two strings in Python
How to get vocabulary size of word2vec?
Create new color scheme for dark-light mode in bootstrap sass
Can't access jupyter notebook from docker
Create bootable ISO from Live USB
CD/DVD burn error in ImgBurn and Nero
Create shortcut to a specific folder in the 'Send To' context menu?
AMD Processor - What am I doing wrong that I'm not being able to use any emulator in my Windows 10?
How can Windows 7 disallow "tapping the mousepad (touchpad) to work as a click"?
SSH authentification with public key fails