In azure app services you are able to redirect HTTP traffic to HTTPS either via the web.config file or through the custom domains blade in azure portal. Is it possible to disable HTTP completely without doing a redirect?
Enforce HTTPSIn your app page, in the left navigation, select TLS/SSL settings. Then, in HTTPS Only, select On. If selected HTTPS Only, Off It means anyone can still access your app using HTTP. You can redirect all HTTP requests to the HTTPS port by selecting On.
Upload certificate to App Service In the Azure portal, from the left menu, select App Services > <app-name>. From your app's navigation menu, select TLS/SSL settings > Private Key Certificates (. pfx) > Upload Certificate.
Here is a way to achieve this:
D:\home\site
folderCreate a file called applicationhost.xdt
in that folder, with the following content (you can drag/drop it from your local machine):
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="%XDT_SITENAME%" xdt:Transform="InsertIfMissing" xdt:Locator="Match(path)">
<system.webServer xdt:Transform="InsertIfMissing">
<rewrite xdt:Transform="InsertIfMissing">
<rules xdt:Transform="InsertIfMissing">
<rule name="Disable HTTP" enabled="true" stopProcessing="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
<add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
</conditions>
<action type="CustomResponse" statusCode="401" />
</rule>
</rules>
</rewrite>
</system.webServer>
</location>
</configuration>
This will make http requests fail with 401 (you can customize the response in the <action>
tag).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With