Block HTTP and/or force HTTPS
Is there a way to disable the HTTP listener on the APIM service so that no responses occur for any requests to port 80?
We'd like to see a feature where we can disable the listener at port 80, or configure that listener to automatically force a redirect to HTTPS and port 443.
For now you can use a policy at the global scope to check the protocol and return a redirect if it’s http.
S G commented
I find it defeats the whole purpose of security when we go through all the trouble of configuring custom domain names including creating (and paying for) certificates, when the end result is that users can access our API gateway using unsecured http.
As a temporary workaround, can anyone give an example of a policy that blocks http / forces https always?
Hey @ADMIN, we are going to have the same setup as the topic starter, but we are stuck trying to compose the rule you mentioned. Could you please be so kind as to post an example of a protocol check policy with redirection?
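
One way to write the global-scope policy described in the admin reply, added here as an example and not taken from the thread or from Microsoft: it checks the scheme of the original request and returns a redirect to the same URL over HTTPS. The 301 status code and the assumption that `QueryString` already carries its leading `?` are choices made for this example.

```xml
<!-- Global (All APIs) scope policy: example added for illustration. -->
<policies>
    <inbound>
        <choose>
            <!-- OriginalUrl is the URL the client actually called,
                 before any rewrite policies are applied. -->
            <when condition="@(context.Request.OriginalUrl.Scheme == "http")">
                <return-response>
                    <set-status code="301" reason="Moved Permanently" />
                    <set-header name="Location" exists-action="override">
                        <!-- Assumption: QueryString is empty or begins with "?".
                             Confirm with a request trace before relying on it. -->
                        <value>@("https://" + context.Request.OriginalUrl.Host + context.Request.OriginalUrl.Path + context.Request.OriginalUrl.QueryString)</value>
                    </set-header>
                </return-response>
            </when>
        </choose>
    </inbound>
    <backend>
        <forward-request />
    </backend>
    <outbound />
    <on-error />
</policies>
```

A redirect is only sent after the plaintext request, including any subscription key or token it carried, has already crossed the network, so clients should be configured with `https://` URLs from the start. Changing the `set-status` to 403 and removing the `Location` header blocks HTTP requests instead of redirecting them.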