How to make an Azure App Service HTTPS only


I wrote this article some years ago here “HTTPS only on Azure App Service Web Apps” that explains how to redirect all traffic made to an Azure App Service using HTTP to HTTPS using a URL Rewrite rule.  This is now achievable in the portal.

To enable the HTTPS Only feature in the portal, navigate to the App Service where you want to enforce this and select the Custom domains link which opens a blade similar to that shown in Figure 1.

image

Figure 1, how to force HTTPS Azure App Service

When I made the change I did not see any modification in my web.config so this change must be happening on the front ends where the SSL/TLS and domain configurations are handled.  This is good because the work happens there instead of on the workers.

Note that this feature is available in Shared mode and higher.  When I checked the same on a FREE site, the option was not there, as seen in Figure 2.

image

Figure 2, how to force HTTPS Azure App Service

Good stuff!

Comments (3)

  1. DANE VINSON says:

    Excellent, thanks for the info! I originally added a request for this to feedback.azure.com in 2014. They marked it as Declined after about a year then 10/2017 they suddenly re-opened it and moved it to Started. I didn’t realize it was complete.

  2. Mark Allison says:

    Do you know if there is there a way to achieve this using an ARM template? I tried setting the “httpsOnly” property to true (which is what the portal appears to do), but this seemed to have no effect upon deployment.

  3. Andrew Herrick says:

    Can be done in code too. Here is what I’ve used in ASP.NET Core. Works on Azure free tier.

    public void Configure(IApplicationBuilder app, IHostingEnvironment env)

    if (!env.IsDevelopment())
    {
    // rls
    var options = new RewriteOptions().AddRedirectToHttpsPermanent();
    app.UseRewriter(options);
    }

Skip to main content