I use Azure cloud with web app and my server side written on nodejs.
When web app receive a http request I want to redirect the request to https
I found the solution.
I put that to my web.config file inside the rules tag
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="false" redirectType="Permanent" />
</rule>
The problem is when I type in the browser "https://myURL.com" it redirect to main screen every thing ok,
but when I change https to http "http://myURL.com" it redirect to https://myURL.com/" and add to the url "bin/www" according that the url looks like that "http://myURL.com/bin/www", the response is: page doesn't find.
The question is how to redirect a clear url without added data to the url?
Part of my web.config file:
<rewrite>
<rules>
<!-- Do not interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^bin/www\/debug[\/]?" />
</rule>
<!-- First we consider whether the incoming URL matches a physical file in the /public folder -->
<rule name="StaticContent">
<action type="Rewrite" url="public{REQUEST_URI}" />
</rule>
<!-- All other URLs are mapped to the node.js site entry point -->
<rule name="DynamicContent">
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True" />
</conditions>
<action type="Rewrite" url="bin/www" />
</rule>
<!-- Redirect all traffic to SSL -->
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="false" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
<!-- 'bin' directory has no special meaning in node.js and apps can be placed in it -->
<security>
<requestFiltering>
<hiddenSegments>
<remove segment="bin" />
</hiddenSegments>
</requestFiltering>
</security>
Thanks for answers, Michael.
Go to Azure portal and open the overview page of the (Web) App Service you wanna set to HTTPS only. In the sidebar, under the Settings section, there is an option for TLS/SSL Settings.
On clicking it, you will get an option on the screen to set your app's protocol to HTTPS only. There isn't any need to manually add separate ruleset for this.
This works on every tier of App Service Plan including the 'F'-Series (free subscription).
Note that, if you are adding any custom domain you also need to add corresponding SSL bindings, you can easily get them using LetsEncrypt or alike. If any of the custom hostnames for your app are missing SSL bindings, then:
When HTTPS Only is enabled clients accessing your app on those custom hostnames will see security warnings.
PS: I just saw that this question was asked about 3 years ago and that time maybe there was no direct option to do this. But even so, I'm posting my answer because on Google (as on February 2020) this question still ranks first among others regd. automatic HTTPS redirection in Azure.
As of November 2017, this is now a simple switch in the Azure Portal: "HTTPS Only", under Custom domains.
https://blogs.msdn.microsoft.com/benjaminperkins/2017/11/30/how-to-make-an-azure-app-service-https-only/
It's also very easy in ARM:
“httpsOnly”: true
There is also a free and open source extension for this.
Go to your Web App settings sidebar, search for the "Extensions" tab and click on "Add".
Scroll down and find the extension Redirect HTTP to HTTPS by gregjhogan.
Accept the terms.
Restart the Web App for the actions to take effect immediately.
Done !
For further details on the implementation of this extension, check the source code on GitHub. The most important source file is the applicationhost.xdt.
Quote from GitHub (02-08-2017) (credits go to gregjhogan):
applicationhost.xdt
<?xml version="1.0"?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="%XDT_SITENAME%" xdt:Transform="InsertIfMissing" xdt:Locator="Match(path)">
<system.webServer xdt:Transform="InsertIfMissing">
<rewrite xdt:Transform="InsertIfMissing">
<rules xdt:Transform="InsertIfMissing" lockElements="clear">
<rule name="redirect HTTP to HTTPS" enabled="true" stopProcessing="true" lockItem="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</location>
</configuration>
R:1 is a back-reference to the rule pattern. You append that to the url here:
url="https://{HTTP_HOST}/{R:1}"
changing that into
url="https://{HTTP_HOST}"
should result in a redirect to the https root.
Related
I have an IIS web server that is setup to handle all requests to *.myapp.com. We also have clients that have setup a custom domain, e.g. custom.customer.com as a CNAME To customer.myapp.com
I have a requirement to handle the following:
Requests to custom.customer.com/pathA will need to be redirected to a.internal-app.com
Requests to custom.customer.com/pathB will need to be redirected to b.internal-app.com
The problem I have right now is that this can't be done on the DNS level (as it involves paths). Also, whatever the "redirect" is I want the client to see his custom domain at all times. Like he should never see internal-app.com or myapp.com.
Is this possible in any way?
It is possible with reverse proxy.
1) You need to install URL Rewrite and ARR module for IIS
2) Enable ARR. On the Application Request Routing page, select Enable proxy
3) Create rewrite rule
<rewrite>
<rules>
<rule name="rewrite custom.customer.com/patha" stopProcessing="true">
<match url="patha" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^custom.customer.com$" ignoreCase="true" />
</conditions>
<action type="Rewrite" url="http://a.internal-app.com/" />
</rule>
<rule name="rewrite custom.customer.com/pathB" stopProcessing="true">
<match url="pathb" />
<conditions logicalGrouping="MatchAll">
<add input="{HTTP_HOST}" pattern="^custom.customer.com$" ignoreCase="true" />
</conditions>
<action type="Rewrite" url="http://b.internal-app.com/" />
</rule>
</rules>
</rewrite>
P.S. You might have problem with your resources(images,styles,css,js). Because your html might contains absolute paths to resources
You can check this post, when author is creating outbound rule for fixing relative urls https://blogs.iis.net/carlosag/setting-up-a-reverse-proxy-using-iis-url-rewrite-and-arr
I have a website that I host on azure. I recently bought an SSL and configured it. Now users can visit my site by typing in either http://example.com or https://example.com.
What I want is for users who type in the former to be automatically redirected to the latter while also keeping anything after the .com
So if a user types in http://example.com/about they will be redirected instead to https://example.com/about.
After some reading, I've come across this code that seems to do what I want
<system.webServer>
<rewrite>
<rules>
<rule name=”Redirect to https”>
<match url=”(.*)”/>
<conditions>
<add input=”{HTTPS}” pattern=”Off”/>
<add input=”{REQUEST_METHOD}” pattern=”^get$|^head$” />
</conditions>
<action type=”Redirect” url=”https://{HTTP_HOST}/{R:1}”/>
</rule>
</rules>
</rewrite>
</system.webServer>
But before I add this to my web.config file I have a few questions.
What is the IIS url rewrite module? IIS Rewrite and is it required to be installed on my azure hosted websites before I upload my new web.config file.
How can I also include removing www from my URL when a user enters it. For example if a user types in www.example.com they should be redirected to https://example.com instead. The reason that I want this is because in my google search console I've told google to display URLs as example.com rather then www.example.com
and finally, will this code do what I'm looking for? Is there a more professional way to achieve this? What are the benefits. I should note that my sites are asp .net web forms. I know MVC has routing options but that is not an option for me.
Edit : I don't think How to force HTTPS using a web.config file solves my issue because I don't even know if I can install the URL Rewrite module since I am not hosting IIS myself. Does azure give you access to the IIS settings? I am unfamiliar with azure details.
The Microsoft URL Rewrite Module for IIS enables IIS administrators to create powerful customized rules to map request URLs to friendly URLs that are easier for users to remember and easier for search engines to find.
This module is pre-installed for Azure Web App, as shown when inspect the applicationHost.config of the Azure Web App in Kudu.
Hence, you do not need to worry about the availability of the module for Azure Web App.
The URL Rewrite configuration to enforce HTTPS redirection for Azure web app is the simplest way to achieve what you intend. Your above configuration will apply
only if the request method is either HTTP GET or HTTP HEAD. The below configuration will not have such limitation.
<system.webServer>
<rewrite>
<rules>
<rule name="Force HTTPS Redirection" enabled="true" stopProcessing="true">
<match url="^$" ignoreCase="false"/>
<conditions>
<add input="{HTTPS}" pattern="^OFF$"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/" redirectType="Permanent"/>
</rule>
</rules>
</rewrite>
</system.webServer>
I would add one last thing. Assuming you are running on Azure Web Apps, they have various probes to your site for warm up and initialization. You probably don't want these probes to also be redirected, otherwise, you may have some issues when you restart or use Azure's swaps feature for stuff like blue/green deployments. These probes would then be return with a 301/302 rather than actually hitting your site (and Azure doesn't actually follow the redirect)
More examples https://github.com/projectkudu/kudu/wiki/Xdt-transform-samples
<rule name="Redirect to non-WWW" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTP_HOST}" pattern="www.example.com$" />
<add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" /> <!-- IIS Application Initialization Warmup -->
<add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" /> <!-- Azure WebApps Warmup Request -->
<add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" /> <!-- Azure WebApps AlwaysOn Probes -->
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://example.com/{R:1}" />
</rule>
<!-- Redirect to HTTPS Version -->
<rule name="HTTP to HTTPS redirect" stopProcessing="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{HTTP_USER_AGENT}" pattern="Initialization" negate="true" />
<add input="{HTTP_USER_AGENT}" pattern="SiteWarmup" negate="true" />
<add input="{HTTP_USER_AGENT}" pattern="AlwaysOn" negate="true" />
</conditions>
<action type="Redirect" redirectType="Permanent" url="https://{HTTP_HOST}/{R:1}" />
</rule>
I have a website with the following structure at the root for a Node.js app
package.json
server.js
public
index.html
css
js
images
...other folders
I would like to take the person only inside the public folder with a forced HTTPS connection.
My current web.config file looks like this
<?xml version="1.0" encoding="utf-8"?>
<!--
This configuration file is required if iisnode is used to run node processes behind
IIS or IIS Express. For more information, visit:
https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config
-->
<configuration>
<system.webServer>
<!-- Visit http://blogs.msdn.com/b/windowsazure/archive/2013/11/14/introduction-to-websockets-on-windows-azure-web-sites.aspx for more information on WebSocket support -->
<webSocket enabled="false" />
<handlers>
<!-- Indicates that the server.js file is a node.js site to be handled by the iisnode module -->
<add name="iisnode" path="server.js" verb="*" modules="iisnode"/>
</handlers>
<rewrite>
<rules>
<!-- Do not interfere with requests for node-inspector debugging -->
<rule name="NodeInspector" patternSyntax="ECMAScript" stopProcessing="true">
<match url="^server.js\/debug[\/]?" />
</rule>
<!-- First we consider whether the incoming URL matches a physical file in the /public folder -->
<rule name="StaticContent">
<action type="Rewrite" url="public{REQUEST_URI}"/>
</rule>
<!-- All other URLs are mapped to the node.js site entry point -->
<rule name="DynamicContent">
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>
</conditions>
<action type="Rewrite" url="server.js"/>
</rule>
<rule name="Force HTTPS" enabled="true">
<match url="(.*)" ignoreCase="false" />
<conditions>
<add input="{HTTPS}" pattern="off" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
<rule name="Redirect rquests to default azure websites domain" stopProcessing="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAny">
<add input="{HTTP_HOST}" pattern="^zupbot\.azurewebsites\.net$" />
</conditions>
<action type="Redirect" url="https://www.zup.chat/{R:0}" />
</rule>
</rules>
</rewrite>
<!-- 'bin' directory has no special meaning in node.js and apps can be placed in it -->
<security>
<requestFiltering>
<hiddenSegments>
<remove segment="bin"/>
</hiddenSegments>
</requestFiltering>
</security>
<!-- Make sure error responses are left untouched -->
<httpErrors existingResponse="PassThrough" />
<!--
You can control how Node is hosted within IIS using the following options:
* watchedFiles: semi-colon separated list of files that will be watched for changes to restart the server
* node_env: will be propagated to node as NODE_ENV environment variable
* debuggingEnabled - controls whether the built-in debugger is enabled
See https://github.com/tjanczuk/iisnode/blob/master/src/samples/configuration/web.config for a full list of options
-->
<!--<iisnode watchedFiles="web.config;*.js"/>-->
</system.webServer>
</configuration>
Whenever I try to access my website, it tries finding a server.js and gives me this error
{"code":"NotAuthorized","message":"/server.js"}
My node.js code does this to serve static files
server.get('/.*/', restify.serveStatic({
//Ensure that people can only access the files within the public directory and none of the protected server files
directory: __dirname + '/public',
default: constants.INDEX_HTML,
match: /^((?!server.js).)*$/ // we should deny access to the application source
}));
How can I take the person straight inside the public folder always with an HTTPS connection? Thank you for your help in advance.
UPDATE 1
I added the HTTPS redirect before any other rule that has a stopProcessing=true and it works , however if I go to my native site http://.azurewebsites.net, it still takes me to the https version of it, how can I redirect sitename.azurewebsites.net to the https version of my custom domain?
Please try the following rewrite rules in web.config:
<rule name="DynamicContent" stopProcessing="true">
<conditions>
<add input="{REQUEST_FILENAME}" matchType="IsFile" negate="True"/>
</conditions>
<action type="Rewrite" url="server.js"/>
</rule>
<rule name="Redirect to https" enabled="true" patternSyntax="ECMAScript" stopProcessing="true">
<match url="(.*)"/>
<conditions>
<add input="{HTTPS}" pattern="Off"/>
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" />
</rule>
Which will rewrite the url your_site.azurewebsites.net/<asset> to https protocol if there is a file named <asset> in public folder as you configured in restify.serveStatic.
And it will not rewrite the url those can match the route setting in your restify application.
Any further concern, please feel free to let me know.
I have an angular app that I host in a Microsoft Azure Web Site. I've set it up with auto-redirect of all requests to HTTPS by installing an extension for me: https://github.com/gregjhogan/redirect-http-to-https-site-extension
What the extension app does is that it adds an applicationhost.xdt file which looks like this:
<?xml version="1.0" ?>
<configuration xmlns:xdt="http://schemas.microsoft.com/XML-Document-Transform">
<location path="%XDT_SITENAME%" xdt:Transform="InsertIfMissing" xdt:Locator="Match(path)">
<system.webServer xdt:Transform="InsertIfMissing">
<rewrite xdt:Transform="InsertIfMissing">
<rules xdt:Transform="InsertIfMissing" lockElements="clear">
<rule name="redirect HTTP to HTTPS" enabled="true" stopProcessing="true" lockItem="true">
<match url="(.*)" />
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
</conditions>
<action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</location>
</configuration>
Now that works fine, and everything is redirected to HTTPS. Now I've come across a new requirement, and I want to edit the rewrite rule to the following: Redirect all requests to HTTPS (as it is now), except any url that contains the following: "/#/user/[Some random user id]".
I've read different posts, and tried some different stuff, but IIS setup and stuff like this isn't quite my domain, and I'm strugling finding it out. The try I feel like is close is when I added this {REQUEST_URI} condition:
<conditions>
<add input="{HTTPS}" pattern="off" ignoreCase="true" />
<add input="{REQUEST_URI}" negate="true" pattern=".*/#/user/.+" ignoreCase="true" />
<add input="{WARMUP_REQUEST}" pattern="1" negate="true" />
</conditions>
I've tried restarting the Azure Web App, as well as redeploying it, but it doesn't seem kick in, everything still redirects to HTTPS as the original rule applies.
I was testing your regex online, and it seems that you need to escape the forward slash:
\/#\/user\/.+
Tested string:
http://localhost/#/user/123
Tested regex:
\/#\/user\/.+
website:
http://www.regextester.com/
Try adding this to your Application_beginrequest event
if (!HttpContext.Current.Request.IsSecureConnection && !HttpContext.Current.Request.Url.Host.Contains("/#/user/[Some random user id]"))
{
Response.Redirect("https://" + Request.ServerVariables["HTTP_HOST"]
+ HttpContext.Current.Request.RawUrl);
}
I need to redirect from
http://someserver/someapplication.page.aspx
to
http://someserver.domain.com/someapplication.page.aspx
Both the requests lead to the same server.
someserver/ works through our company's internal DNS
This is the same question as Redirecting to Full Domain
but I want an IIS solution for this, not code. My guess is it will have something to do with adding a httpRedirect add element in Configuration Editor using wildcards.
You can use URL Rewrite for that which is the recommended way to do it in IIS, simply add a web.config with a rule like:
<configuration>
<system.webServer>
<rewrite>
<rules>
<rule name="Redirect to full domain" stopProcessing="true">
<match url=".*" />
<conditions>
<add input="{HTTP_HOST}" pattern="^someserver$" />
</conditions>
<action type="Redirect" url="http://someserver.domain.com/{R:0}" redirectType="Permanent" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>