We welcome user feedback and feature requests!

HTTPS only without redirect

This feature has been requested multiple times (like here: https://feedback.azure.com/forums/169385-web-apps/suggestions/6868536-provide-require-ssl-setting-for-azure-websites), but has been closed time after time with the same workaround. The workaround consists of adding a redirect rule to web.config.

We however want a way to disable insecure HTTP requests completely.

Think of an API that gets called by a React or Angular app. Calling the HTTP endpoint of the API would be a bug and might lead to sensitive information like the access token being send over HTTP. It would appear to work, because the request gets redirected to HTTPS, so the bug would be harder to track.

So please don't close this request with the same workaround, because it's not a workaround for this particular request. :)

33 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Nick Muller shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Josh commented  ·   ·  Flag as inappropriate

        The feature released is helpful to save the work of creating a redirect in web.config, but wasn't what suggested in this feature request. This request is to provide an option to block port 80, not to redirect port 80 to 443.

      Feedback and Knowledge Base