Redirect HTTP to HTTPS in Azure Application Gateway
To expand on Jonathan Mast's answer,
This can be done using the command line only (as of Dec 2017). I don't prefer the Powershell approach (limited portability), I prefer AZ CLI as it is more direct in answering this question.
Create a listener for your HTTP traffic (e.g.
FE-HTTP-80-Site). This can be done using Azure portal or CLI.Create a listener for your HTTPS traffic (e.g.
FE-HTTPS-443-Site). This can be done in the Azure portal or CLI.Create a redirect configuration:
az network application-gateway redirect-config create \--gateway-name AppGateway \-g RSgroupAppGateway \-n Redirect-Site-toHTTPS \--type Permanent \--include-path true \--include-query-string true \--target-listener FE-HTTPS-443-Site- Create a rule for the HTTP traffic:
az network application-gateway rule create \--gateway-name AppGateway \-g RSgroupAppGateway \-n Rule-HTTP-80-Site \--rule-type Basic \--http-listener FE-HTTP-80-Site \--redirect-config Redirect-Site-toHTTPSReference on Concept: Create an application gateway with URL path-based redirection using Azure PowerShell
AZ CLI Reference: Azure Command-Line Interface (CLI) documentation
If you handle the redirect on your backend, you can use the X-Forwarded-Proto header sent by the App Gateway to see the original request and redirect if it was HTTP using a redirect rule.
Apache
To do this on Apache, add the following to your .htaccess file
RewriteEngine OnRewriteCond %{HTTP:X-Forwarded-Proto} !httpsRewriteRule ^.*$ https://%{SERVER_NAME}%{REQUEST_URI}IIS
Using the IIS rewrite module add this to your web.config file
<rewrite xdt:Transform="Insert"> <rules> <rule name="HTTPS rewrite behind App Gw rule" stopProcessing="true"> <match url="^(.*)$" ignoreCase="false" /> <conditions> <add input="{HTTP_X_FORWARDED_PROTO}" pattern="^http$" ignoreCase="false" /> </conditions> <action type="Redirect" redirectType="Found" url="https://{SERVER_NAME}{URL}" /> </rule> </rules></rewrite>
This is now supported by the Azure Application Gateway product without any additional tools or services. It is configured using PowerShell as described in this link.
Relevant PoSH code copy and pasted from the reference for redirecting port 80 to 443:
# Get the application gateway$gw = Get-AzureRmApplicationGateway -Name AdatumAppGateway -ResourceGroupName AdatumAppGatewayRG# Get the existing HTTPS listener$httpslistener = Get-AzureRmApplicationGatewayHttpListener -Name appgatewayhttplistener -ApplicationGateway $gw# Get the existing front end IP configuration$fipconfig = Get-AzureRmApplicationGatewayFrontendIPConfig -Name appgatewayfrontendip -ApplicationGateway $gw# Add a new front end port to support HTTP trafficAdd-AzureRmApplicationGatewayFrontendPort -Name appGatewayFrontendPort2 -Port 80 -ApplicationGateway $gw# Get the recently created port$fp = Get-AzureRmApplicationGatewayFrontendPort -Name appGatewayFrontendPort2 -ApplicationGateway $gw# Create a new HTTP listener using the port created earlierAdd-AzureRmApplicationGatewayHttpListener -Name appgatewayhttplistener2 -Protocol Http -FrontendPort $fp -FrontendIPConfiguration $fipconfig -ApplicationGateway $gw # Get the new listener$listener = Get-AzureRmApplicationGatewayHttpListener -Name appgatewayhttplistener2 -ApplicationGateway $gw# Add a redirection configuration using a permanent redirect and targeting the existing listenerAdd-AzureRmApplicationGatewayRedirectConfiguration -Name redirectHttptoHttps -RedirectType Permanent -TargetListener $httpslistener -IncludePath $true -IncludeQueryString $true -ApplicationGateway $gw# Get the redirect configuration$redirectconfig = Get-AzureRmApplicationGatewayRedirectConfiguration -Name redirectHttptoHttps -ApplicationGateway $gw# Add a new rule to handle the redirect and use the new listenerAdd-AzureRmApplicationGatewayRequestRoutingRule -Name rule02 -RuleType Basic -HttpListener $listener -RedirectConfiguration $redirectconfig -ApplicationGateway $gw# Update the application gatewaySet-AzureRmApplicationGateway -ApplicationGateway $gw