0

HTTP to HTTPS redirection in Azure APIM. We want to redirect all HTTP traffic to HTTPS in APIM. I know we can use a policy to redirect, can this be achieved at the API scope.

Ikhtesam Afrin
  • 897
  • 1
  • 1
  • 6
ALOK
  • 1
  • 2

1 Answers1

0

You can refer to this link to achieve the same.

Add the below policy in the following way to redirect HTTP to HTTPS at API scope

enter image description here

enter image description here

Click on Inbound Processing to add the policy

<policies>
<inbound>
<choose>
<when  condition="@(context.Request.OriginalUrl.Scheme == "http")">
<return-response>
<set-status  code="302"  reason="Requires SSL"  />
<set-header  exists-action="override"  name="Location">
<value>@(context.Request.OriginalUrl.ToString().Replace("http://","https://"))</value>
</set-header>
</return-response>
</when>
</choose>
<base  />
</inbound>
<backend>
<base  />
</backend>
<outbound>
<base  />
</outbound>
<on-error>
<base  />
</on-error>
</policies>

Output:

enter image description here

Ikhtesam Afrin
  • 897
  • 1
  • 1
  • 6
  • This is not working at API Scope for me, is it working for you? below is error when I do a Get from postman for one of my endpoints. using http:// 504 Gateway Timeout

    Gateway Timeout

    Server error - server 40.87.*.* is unreachable at this moment.

    Please retry the request or contact your administrator.

     – ALOK Aug 29 '23 at 10:02
  • Yes, its working for me. how are you testing it? – Ikhtesam Afrin Aug 29 '23 at 10:05
  • are you using a custom domain? Refer https://dipolimene.medium.com/enforcing-all-requests-to-apim-over-https-2e8f4b7e03e2, you have multiple options to achieve it. You can use ` ` – Ikhtesam Afrin Aug 29 '23 at 11:45
  • I am getting 404.\, Ihave the correct backend service bas eurl: 404Resource Not Found – ALOK Aug 29 '23 at 15:58
  • @ALOK Updated my answer, please check and make the changes accordingly in API settings and in policy – Ikhtesam Afrin Aug 29 '23 at 16:40
  • Yes we have a custom domain and the backend-service base-url is updated . https://dipolimene.medium.com/enforcing-all-requests-to-apim-over-https-2e8f4b7e03e2 I am aware of this link and was following same before reaching out here ":) May be I am missing something – ALOK Aug 30 '23 at 04:30
  • Have you checked my updated answer? Please change the URL scheme to HTTP(s) and add the modified policy from my answer, it will work – Ikhtesam Afrin Aug 30 '23 at 05:20
  • Error: Protocol "http:" not supported. Expected "https:" I get this error when I choose URL scheme as HTTP(s) – ALOK Aug 30 '23 at 06:02
  • can you share the screenshot of how you are doing this? – Ikhtesam Afrin Aug 30 '23 at 06:05