How can we improve Azure Web Apps?

Provide "Require SSL" setting for Azure Websites

IIS provides a simple checkbox, "Requrie SSL" under a web site's SSL Settings area which forces secure connections to the site. There's no such simple way to set this for Azure Websites. If you use the default {name}.azurewebsites.net address when creating a site both HTTP and HTTPS endpoints are exposed but there's no simple way to disable the HTTP side.

349 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Dane VinsonDane Vinson shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    18 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Daniel WaddellDaniel Waddell commented  ·   ·  Flag as inappropriate

        If gzip compression is supported in your app service the web.config manual workaround doesn't appear to work.

      • PaulPaul commented  ·   ·  Flag as inappropriate

        Please re-open. A workaround is by definition not a solution, and in this case it is definitely not ideal.

      • Alexander BatishchevAlexander Batishchev commented  ·   ·  Flag as inappropriate

        Please reopen. Redirect to HTTPS and Enforce SSL are different things. This feature request is regarding the latter and via the Portal!

      • michel poiriermichel poirier commented  ·   ·  Flag as inappropriate

        Is this feature available yet/soon ?

        I cannot find the suggested "workaround"of the extension mentioned...

      • KarlKarl commented  ·   ·  Flag as inappropriate

        This *is* a forum to request features and changes, right? I think the feature request was to add in this feature onto the Azure Portal, not to simply point to a workaround through web.config. The feature request is still a valid one (that lots of people want, no less) and should remain open, even though the workaround is valuable information "for now".

      • Sean FisherSean Fisher commented  ·   ·  Flag as inappropriate

        This *is* a forum to request features and changes, right? I think the feature request was to add in this feature onto the Azure Portal, not to simply point to a workaround through web.config. The feature request is still a valid one (that lots of people want, no less) and should remain open, even though the workaround is valuable information "for now".

      • Alexander BatishchevAlexander Batishchev commented  ·   ·  Flag as inappropriate

        Which Web.config file workaround are you referring to? This setting can't be set in Web.config, default Machine.config prevents from doing so. Have to mess up with applicationHost.xdt instead what is very inconvenient and error-prone since requires manual human intervention.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I have an MVC site hosted in azure. I used the HandNonHttpsRequest function and referenced it in the FilterConfig.cs per online docs. Appears to work fine using Edge and initially also Chrome. Now Chrome throwing "too many redirect" errors while Edge still good. Had to disable as it was taking down my Chrome users. In IIS you can just check a box for this functionality to "require SSL". As far as this issue is concerned the cloud is a huge step backwards as there is not corresponding setting in the Web App. I see someone posted an unsupported extension in the extensions section to address this issue. Presumably in response to Azure/Microsoft's non responsiveness. Has anyone used it? Does it work properly? I would think as an industrial strength hosting platform don't you think you should address this issue with a real fix. Especially now that Google is requiring that your entire site be SSL or be penalized? Kind of a requirement for everyone now, don't you think, Microsoft/Azure???

      • Samir FARHAT (MVP)Samir FARHAT (MVP) commented  ·   ·  Flag as inappropriate

        An option on the Application Setting may be more suitable than manually creating a redirect rule. In addition, this cannot be forgotten and can easily be verified

      • Tim Lovell-Smith MSFTTim Lovell-Smith MSFT commented  ·   ·  Flag as inappropriate

        The websites already supports this feature in their REST API but not in the portal - it is a pain to have to use Fiddler to configure my Azure website. Please, this seems like it's as simple as just adding a little bit of UI!

      • Anonymous commented  ·   ·  Flag as inappropriate

        I added all my votes. The rewriting works fine and dandy EXCEPT when you are using traffic manager.

      Feedback and Knowledge Base