Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it possible to disable HTTP on an azure app service, not just redirect it to HTTPS

In azure app services you are able to redirect HTTP traffic to HTTPS either via the web.config file or through the custom domains blade in azure portal. Is it possible to disable HTTP completely without doing a redirect?

like image 267
Tommy Avatar asked Jan 22 '18 21:01

Tommy


People also ask

How do I make an Azure app service HTTPS only?

Enforce HTTPSIn your app page, in the left navigation, select TLS/SSL settings. Then, in HTTPS Only, select On. If selected HTTPS Only, Off It means anyone can still access your app using HTTP. You can redirect all HTTP requests to the HTTPS port by selecting On.

What is required to enable HTTPS for an Azure app?

Upload certificate to App Service In the Azure portal, from the left menu, select App Services > <app-name>. From your app's navigation menu, select TLS/SSL settings > Private Key Certificates (. pfx) > Upload Certificate.


1 Answers

Here is a way to achieve this:

  • Go to Kudu console for the Web App
  • Go into the D:\home\site folder
  • Create a file called applicationhost.xdt in that folder, with the following content (you can drag/drop it from your local machine):

    <?xml version="1.0"?>
    <configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
      <location path="%XDT_SITENAME%" xdt:Transform="InsertIfMissing" xdt:Locator="Match(path)">
        <system.webServer xdt:Transform="InsertIfMissing">
          <rewrite xdt:Transform="InsertIfMissing">
            <rules xdt:Transform="InsertIfMissing">
              <rule name="Disable HTTP" enabled="true" stopProcessing="true">
                <match url="(.*)" ignoreCase="false" />
                <conditions>
                  <add input="{HTTPS}" pattern="off" />
                  <add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
                </conditions>
                <action type="CustomResponse" statusCode="401" />
              </rule>
            </rules>
          </rewrite>    
        </system.webServer>
      </location>
    </configuration>
    

This will make http requests fail with 401 (you can customize the response in the <action> tag).

like image 88
David Ebbo Avatar answered Sep 21 '22 23:09

David Ebbo