Force redirect all the things to https with web.config

  <configuration>
    <system.webServer>
      <rewrite>
        <rules>
          <clear />
          <rule name="Redirect to https" stopProcessing="true">
            <match url="(.*)" />
              <conditions>
                <add input="{HTTPS}" pattern="off" ignoreCase="true" />
              </conditions>
              <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" redirectType="Permanent" appendQueryString="false" />
          </rule>
         </rules>
    </rewrite>
  </system.webServer>
</configuration>

See Block frames with web.config

Required on MS sites per internal security review.

  ...
 
  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>
 
  ...
</system.webServer>

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

azure.md

azure.md

Force redirect all the things to https with web.config

See Block frames with web.config

Required on MS sites per internal security review.

Files

azure.md

Latest commit

History

azure.md

File metadata and controls

Force redirect all the things to https with web.config

See Block frames with web.config

Required on MS sites per internal security review.