For this example, the Azure web app has:

Enforcing HTTPS will redirect the HTTP, so web app users will always end up at the HTTPS site. This will be done be defining a rewrite rule in the web.config file for the web app.

1. Navigate to the Kudu debug console for the Azure web app: https://<appname>

2. Go to D:\home\site\wwwroot

3. Open web.config for edit (pencil icon)

4. Copy the following code into the web.config file > Save 

<?xml version="1.0" encoding="UTF-8"?> <configuration> <system.webServer> <rewrite> <rules> <!-- BEGIN rule TAG FOR HTTPS REDIRECT --> <rule name="Force HTTPS" enabled="true"> <match url="(.*)" ignoreCase="false" /> <conditions> <add input="{HTTPS}" pattern="off" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}/{R:1}" appendQueryString="true" redirectType="Permanent" /> </rule> <!-- END rule TAG FOR HTTPS REDIRECT --> </rules> </rewrite> </system.webServer> </configuration>

NOTE: If there are other rule tags in the web.config file, be sure to place the copied HTTPS Redirect as the first rule.

NOTE: This rule returns a Permanent redirect to the HTTPS protocol whenever the user requests a page using HTTP. i.e. It redirects http:// to

5. Verify that the HTTP page is redirected to HTTPS.