4

I'm trying to do the 'simple' task of redirecting/rewriting traffic from http to https, I have one endpoint in a CloudService which is correctly configured for SSL.

I've tried many IIS rewrite rules, like the one below, but none are working. I've also tried setting up the rules via remote desktop on the IIS 8 server directly which also doesn't work.

When I enter any tag in the Azure web.config file the rewrite tag has a blue line under it with a message saying it is invalid under <system.webServer> :

<system.webServer>
...
      <rewrite>
          <rules>
              <rule name="RedirectToHTTPS" stopProcessing="true">
                  <match url="(.*)" />
                  <conditions>
                      <add input="{HTTPS}" pattern="off" ignoreCase="true" />
                  </conditions>
                  <action type="Redirect" url="https://{SERVER_NAME}/{R:1}" redirectType="SeeOther" />
              </rule>
          </rules>
      </rewrite>

  </system.webServer>

Any advice is much appreciated.

sham
  • 1,346
  • 1
  • 20
  • 28
  • Since you have **only one endpoint in a cloud service correctly configured for SSL**, why you bother with such URL rewrite gymnastics? There is no way that your role will get a plain HTTP traffic from INTERNET, since you only have HTTPS endpoint for the cloud service ... – astaykov Sep 18 '13 at 10:26
  • When users enter 'sub.domain.com' they get a timeout, and there is no certainty they will enter 'https://sub.domain.com' Of course my SSL might not be setup correctly - I meant that the certificate was working and all looked good when specifying https in the address bar. – sham Sep 18 '13 at 10:32
  • :) You need to setup both HTTP **and** HTTPS Endpoints for the cloud service, for your users to not get timeout and these URL rewrite rules to trigger. It is expected behavior to see a timeout error on HTTP endpoint (80) when you have **not** defined it. The traffic hits the Azure Load Balancer and never gets to your role... – astaykov Sep 18 '13 at 10:37

1 Answers1

10

In order for these rules to work you have to configure both the endpoints - HTTP and HTTPS !!

If you have not configured plain HTTP endpoint on port 80, your server will never be hit by an Internet traffic, so rewrite rules will never trigger.Thus you get the timeout when you try opening the domain over plain HTTP. There is simply no process listening on port 80 when you haven't defined endpoint for it.

astaykov
  • 30,768
  • 3
  • 70
  • 86