SSL Certificate Not Working for my Azure App Service - azure

I chose to host my website in Azure, so I've created an App Service. Then I created a new domain for my app and created/bound the SSL certificate to my corresponding website.
After finishing with the SSL certificate, I'm still seeing my website URL as http:// and not https://
Also, I'm not seeing the green URL for my website!
It looks like this:
(P.S.: My App Service tier is AzureFreeTier (Basic: 1 Small).
My SSL type is SNI SSL.)
Please help to resolve my problem here.
Thanks in Advance,
Jayendran

You need to do a redirect from HTTP to HTTPS. Installing a certificate just makes using HTTPS with your custom domain name possible.
You can either:
Configure your app to redirect to HTTPS when it receives a request over HTTP + enable HTTP Strict Transport Security
Or use an extension in Web Apps to do the first thing:
To install the extension, open your web app blade in Azure Portal. Go to Extensions, then click Add. Then you should find Redirect HTTP to HTTPS from the list and install it.
That will redirect any HTTP calls to HTTPS for you. I would still recommend adding Strict-Transport-Security headers to your responses to make sure your clients do not access your site insecurely the next time.
The reason you arrive at your site on HTTPS after AAD login is that the HTTPS version of your app's URL has been configured in AAD as the reply URL.
And this:
Your Connection to this site is not fully secure Attackers might be able to see the images
is a mixed content warning. It means you are loading content (e.g. images) using an HTTP URL in your pages. Change them to HTTPS and you will solve that problem.
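
The three things this answer asks for (a redirect on plain HTTP, a Strict-Transport-Security header on the HTTPS response, and no `http://` subresources) can be checked mechanically. This is an added example, not part of the original answer; the function names, the `(status, headers, body)` response shape with lower-case header names, and the sample responses are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags whose URL attribute is fetched as page content (an <a href> is only a link).
SUBRESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src",
                     "source": "src", "audio": "src", "video": "src", "link": "href"}

class MixedContentFinder(HTMLParser):
    """Collects subresources that an HTTPS page would load over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.insecure = []
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are treated as fetched content here
        url = attrs.get(SUBRESOURCE_ATTRS.get(tag, ""))
        if url and url.lower().startswith("http://"):
            self.insecure.append((tag, url))

def hsts_max_age(headers):
    """Return max-age (seconds) from Strict-Transport-Security, or None."""
    for directive in headers.get("strict-transport-security", "").split(";"):
        name, _, value = directive.strip().partition("=")
        if name.lower() == "max-age" and value.strip('"').isdigit():
            return int(value.strip('"'))
    return None

def audit(http_resp, https_resp):
    """Each response is (status, headers, body); header names are lower-case."""
    findings = []
    status, headers, _ = http_resp
    if status not in (301, 302, 307, 308):
        findings.append(f"plain HTTP answered with {status} instead of a redirect")
    elif urlsplit(headers.get("location", "")).scheme != "https":
        findings.append("redirect does not point to an https:// URL")
    _, headers, body = https_resp
    if not hsts_max_age(headers):  # missing, unparsable, or max-age=0
        findings.append("HTTPS response has no usable Strict-Transport-Security header")
    finder = MixedContentFinder()
    finder.feed(body)
    return findings + [f"mixed content: <{t}> loads {u}" for t, u in finder.insecure]

# Constructed sample responses (not captured from any real site).
BEFORE = ((200, {}, ""), (200, {}, '<img src="http://www.example.com/logo.png">'
                                   '<a href="http://example.org/">link</a>'))
AFTER = ((301, {"location": "https://www.example.com/"}, ""),
         (200, {"strict-transport-security": "max-age=31536000"},
          '<img src="https://www.example.com/logo.png">'))
```

`audit(*BEFORE)` reports all three problems, while `audit(*AFTER)` returns an empty list; the plain `<a href>` link is not counted as mixed content.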

Related

HTTP to HTTPS redirect for azure apim gateway url

I want to force HTTPS on the gateway url of the Azure API Management services but there are no configuration settings for that.
By default, HTTPS is used by the browser but when I change it manually in the URL and switch to HTTP, I don't have a redirection to HTTPS which is what I'm looking for.
I see this as a feedback request: https://feedback.azure.com/forums/248703-api-management/suggestions/37192618-block-http-and-or-force-https .
You may want to vote for it if it aligns with your requirement.
However, it is under review now, and as a workaround it is mentioned to use a policy at the global scope to check the protocol and return a redirect if it’s http.

Naked domain in Azure CDN endpoint has wrong HTTPS certificate name

I have a site in Azure. Pages are generated by Azure Functions, but for a given URL the generated page will always be identical, so I put it behind a CDN endpoint. I added custom domains to the endpoint: www.example.com is the main domain and there is also a naked domain version example.com, but any request to it is redirected to www.example.com. Any http requests are also redirected to https. Both redirects are performed by returning a redirect result from the Azure Function.
So, both http://example.com and http://www.example.com are properly redirected to https://www.example.com. The problem arises if someone tries to access https://example.com. The certificate served for this URL is *.azureedge.net and the browser predictably displays a warning message (if instructed to proceed, it receives a redirect and works fine after that).
When I try to enable Custom HTTPS on example.com, I get an error: "Enabling Https with CDN Managed Certificate is not supported anymore for apex (root) domains."
Is there any way I can fix this, perhaps instruct a redirect from example.com to www.example.com on DNS level? I've seen suggestions to use alternative CDNs available in Azure, but I'm not ready to go down that route yet.
As you've discovered, as of April 2021 Managed certificates are not supported on Apex domains. The only supported way to get round this at present is to upload your own certificate (either free or purchased) or purchase one through KeyVault.
Having said that, Jack Tracey has put together a list of instructions to achieve this in an unsupported manner.

How to completely force https only for website including for requests outside a browser?

We have an azure website, where we have the https only setting turned on, and we also have url rewrite rules set up as well so that when you go to our site at http://example.com (we have a custom domain that is secured with a cert using IP SSL - both example.com and www.example.com), you get redirected to https://example.com. When using a web browser, this clearly works. However, when using a tool such as Postman or vulnerability scanning, such as ZAP, the server is clearly responding to http and not redirecting the request to https. We are currently failing a vulnerability scan due to this, and we cannot figure out what else to do to get the site to force https. As I said, it works when using a web browser, but not with direct web requests from non-browser tools. Thanks!

how to always do a https request to a website hosted on microsoft azure

I get a "504 gateway" error when I do a "http://xyz.com" request for a website hosted on Azure. However, if I do a "https://xyz.com" request for the same website, I get the webpage. How do I always do an https request for this URL even if somebody forgets to do https?
Found this on Stack Overflow:
Best way in asp.net to force https for an entire site?
And I think URL Rewrite or Http Module might help as well.

creating a secure registration web page w/o SSL?

Example, I go to the facebook webpage and see that the http URL is not https. Maybe they are hiding that it is https. I don't see a lock either on the browser.
In any case, how do websites provide secure registration web pages? I'm looking to create a registration and user login page.
Thanks for your help!
SP
Your hosting server should provide SSL services
You should purchase an SSL certificate from VeriSign, or generate one using OpenSSL
Apply the SSL certificate to your web server
Create your login page as you normally do with your scripting language
Access the page with https://domain.com/page.php
You provide secure registration with SSL. If you do a Google search for HTTPS or SSL you will find resources. It is a bit of a large topic. How to go about it depends on whether you are running your own server or have hosting provided to you by a service. Either way, you will need a certificate for your domain. If you have your own server you will need to do a lot more configuration.
Here is a link about how to go about it with Apache.
