API Gateway Redirect 302

I've got a service I'm proxying with gateway. A GET request to / will return a 302 with a Location header. The problem is the value of the Location header which I'm referencing in "integration.response.header.Location" is /login.
What this ends up doing is breaking my proxy by removing the stageName from the AWS provided URL for the API.
Instead of "{AWS_URL}/local/login", the redirect is going to "{AWS_URL}/login" which causes a 403 Forbidden from API Gateway.
If I manually modify the header mapping expression to use 'local/login' all works fine, but, the above should work, no?
Is there some hackery to maybe concat values into a header mapping expression?
Any help is greatly appreciated!
Thanks!

Moved to AWS Forums as it may be more appropriate - https://forums.aws.amazon.com/thread.jspa?threadID=228457

Related

How to pass original URI, with arguments, to Traefik ErrorPage handler specified in `query`?

I'm trying to use nginx to serve a custom error page using the Error Page middleware so that 404 requests to a lambda service (which I don't control) can be handled with a custom error page. I want to be able to get the context of this original request on that error page, either in Nginx for further forwarding, or else as a header for further handling e.g. in PHP or whatnot so I can provide contextual links on the 404 page.
However, right now after the redirection to Nginx in Traefik's ErrorPage middleware it seems the request has lost all the headers and data from the original service query.
The relevant part of my dockerfile:
traefik.port=8080
traefik.protocol=http
traefik.docker.network=proxy
traefik.frontend.rule=PathPrefix:/myservice;ReplacePathRegex:^/myservice/(.*) /newprefix/$$1
traefik.frontend.errors.myservice.status=404
traefik.frontend.errors.myservice.service=nginx
traefik.frontend.errors.myservice.query=/myservice-{status}
Nginx receives the forwarded 404 request, but the request URI comes through as nothing more than the path /myservice-404 specified in query (or /, if I omit traefik.frontend.errors.myservice.query). After the ReplacePathRegex I have the path of the original request available in the HTTP_X_REPLACED_PATH header, but any query arguments are no longer accessible in any header, and nginx can't see anything else about the original URI. For example, if I requested mysite.com/myservice/some/subpath?with=parameters, the HTTP_X_REPLACED_PATH header will show /myservice/some/subpath but not include the parameters.
Is it possible in Traefik to pass another service the complete context about the original request?
What I'm really looking for is something like try_files, where I could say "if this traefik request fails, try this other path instead", but I'd settle for being able to access the original, full request arguments within the handling backend server. If there was a way to send Nginx a request with the full path and query received by Traefik, that would be ideal.
tl;dr:
I am routing a request to a specific service in Traefik
If that request 404s, I want to be able to pass that request to Nginx for further processing / a contextual error page
I want Nginx and/or the page which receives the ErrorPage redirect to be able to know about the request that 404'd in the service
Unfortunately this is not possible with Traefik. I tried to achieve something similar but I realized that the only information that we are able to pass to the error page is the HTTP code, that's it.
The only options available are mentioned in their docs: https://doc.traefik.io/traefik/middlewares/errorpages/

How to make Serverless return 404 instead of 403 for non-existing endpoints?

I tried the Serverless framework following the instructions to create the Hello World application. Everything works well, calling the [url]/dev/hello-world returns 200 response with the json output as expected.
By default, looks like the response for non-existing endpoints is 403 http status code with json {"message":"Missing Authentication Token"}.
I'd like to host a website using the framework.
Is there any way to make the Serverless return 404 instead of 403 for non-existing endpoints?
Returning a 403 instead of 404 is a deliberate design decision.
This is a pattern that is used in many other AWS APIs (most notably S3). In S3, if the user would have had permissions to see the presence of the key (via the ListBucket permission), a 404 will be returned; otherwise a 403 will be returned. Because API Gateway enables permissions at the method level, we can't know whether or not the user should be permitted to have knowledge of the existence of the API resource level, and default to the 403 as a result.
You can elect to catch all missing API methods using a {proxy+} pattern.
events:
  - http:
      path: '{proxy+}' # catch any path not specified elsewhere (quoted so YAML does not parse the braces as a mapping)
      method: get # or change to any method if you prefer
I did something a bit different. It's not relevant to API calls, but it is to the final goal of using Serverless to host a website: in the CloudFrontDistribution section I added this.
CustomErrorResponses:
  - ErrorCode: 403
    ResponseCode: 404
    ResponsePagePath: /404.html

Query string (URL) lead to 403

Please help me with this. I already tried disabling the mod_security module through .htaccess, but it was no use.
PHP Version 5.6.30
Apache redirects the request to a 403 page if I pass the parameter below.
&test[object_type]=0
The name (object_type) leads to 403 page.
eg:http://www.cudec.com.my/?test[object_type]=0 ✖ NOT WORKING LEADS TO 403
eg:http://www.cudec.com.my/?test[object_types]=0 ✓ WORKING
Will update this post to a full answer as soon as I got more information to work with ;)
I tried to call the 403-URL:
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
You ensured that ModSecurity is the one replying with 403? Looks more like the folder permissions are insufficient.
Check if your DocumentRoot is at least readable for users (an 'r' at the last triple or 4 in the last byte).
If it's really ModSecurity, have a look into /var/log/apache2/modsecurity_audit.log and you should see which rule (by ID) is the one throwing 403 and also the reason (Error-Msg in the rule) why.
Does http://www.cudec.com.my/?test[object_types]=0 return the expected result?
The parameter doesn't seem to be interpreted when using &test[object_type] instead of &test[object_types] and the target resource / seems to have insufficient rights, same for the error-pages...
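Added example, not part of the answer above: one way to pull the rule ID and message for each blocked request out of the audit log the answer points to. It assumes the ModSecurity 2.x serial audit-log layout; the sample entry, its rule ID, message, addresses and host are constructed placeholders.

```python
import re

# Constructed sample in ModSecurity 2.x serial audit-log layout; the rule id,
# message, addresses and host are placeholders, not values from the page.
SAMPLE = '''\
--4f1c2a9b-A--
[01/Jan/2017:10:00:00 +0000] AAAAAAAAAAAAAAAAAAAAAAAA 203.0.113.5 51234 192.0.2.10 80
--4f1c2a9b-B--
GET /?test[object_type]=0 HTTP/1.1
Host: www.example.test

--4f1c2a9b-F--
HTTP/1.1 403 Forbidden

--4f1c2a9b-H--
Message: Access denied with code 403 (phase 2). Pattern match "object_type" at ARGS_NAMES:test[object_type]. [file "/etc/modsecurity/local.conf"] [line "12"] [id "1000001"] [msg "constructed sample rule"]
Action: Intercepted (phase 2)

--4f1c2a9b-Z--
'''

BOUNDARY = re.compile(r"^--([0-9a-f]{8})-([A-Z])--$")  # e.g. --4f1c2a9b-H--
TAG = re.compile(r'\[(id|msg) "([^"]*)"\]')             # [id "..."] / [msg "..."]

def blocked_rules(audit_text):
    """Return (request_line, rule_id, msg) for every 'Access denied' message."""
    results, section, request_line, messages = [], None, None, []
    for line in audit_text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            section = m.group(2)
            if section == "A":            # start of a new transaction
                request_line, messages = None, []
            elif section == "Z":          # end of transaction: emit findings
                for msg in messages:
                    tags = dict(TAG.findall(msg))
                    results.append((request_line, tags.get("id"), tags.get("msg")))
            continue
        if section == "B" and request_line is None and line:
            request_line = line           # first line of the request headers
        elif section == "H" and line.startswith("Message: ") and "Access denied" in line:
            messages.append(line)
    return results

if __name__ == "__main__":
    for request, rule_id, msg in blocked_rules(SAMPLE):
        print(f"{request!r} blocked by rule {rule_id}: {msg}")
```

An empty result for a request that still returns 403 points away from ModSecurity and toward the file-permission explanation in the answer.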

403 forbidden occurs for some URL

I want to know how to remove the 403 issue for a particular URL.
For example, whatever comes after http://www.example.com/webapp/* , I need to remove the 403 issue. How do I set this?
You must configure your web server to allow pages from that file directory to be served to the public.
http://httpd.apache.org/docs/2.2/urlmapping.html#user

POST Requests seen as GET by server

Got a really strange problem here. When sending post requests to my PHP script
$_SERVER['REQUEST_METHOD']
returns "GET" instead of "POST".
It works fine for every other REST method
so this is what I get
GET -> GET
POST-> GET
PUT -> PUT
DELETE -> DELETE
It only happens on one of my servers so I'm assuming it's an Apache problem, and I've managed to figure out that it only happens if I add "www" to my URL.
I.e
www.something.com
causes the problem but
something.com
does not
I have tested on different sites on the same server and I get the same thing so I'm assuming it's global config.
Any thoughts?
As the HTTP spec says for response codes 301 and 302:
Note: For historic reasons, a user agent MAY change the request method
from POST to GET for the subsequent request. If this behavior is
undesired, the 307 (Temporary Redirect) status code can be used
instead
A third (but unlikely) possibility is you're getting a 303 response to the initial URI. The solution is twofold:
Configure the clients which are under your control to POST to the canonical URI so they are not redirected at all.
Configure your server to redirect using 307 in this case instead of 301/302.
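Added example, not part of the answer above: a local reproduction of the method table in the question, showing what the final endpoint receives after a 301/302 hop versus a 307 hop. The paths `/www/<code>` and `/canonical` are hypothetical stand-ins for the www host and the canonical host, and `next_request` models the browser-like client behaviour the quoted spec note describes.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class Handler(BaseHTTPRequestHandler):
    # /www/<code> plays the redirecting www host; /canonical plays the PHP script.
    def _handle(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        if self.path.startswith("/www/"):
            self.send_response(int(self.path.split("/")[2]))
            self.send_header("Location", "/canonical")
            out = b""
        else:
            self.send_response(200)
            # Report what $_SERVER['REQUEST_METHOD'] would show, plus body size.
            out = f"{self.command} {len(body)}".encode()
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)
    do_GET = do_POST = do_PUT = do_DELETE = _handle
    def log_message(self, *args): pass  # silence per-request logging

def next_request(method, status, body):
    # Method and body a browser-like client sends after following a redirect.
    if status == 303 or (status in (301, 302) and method == "POST"):
        return "GET", None  # historic rewrite: method becomes GET, body dropped
    return method, body     # 307/308 (and non-POST on 301/302) keep both

def send(port, method, path, body):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=body)
    resp = conn.getresponse()
    data = resp.read().decode()
    conn.close()
    return resp.status, resp.getheader("Location"), data

def observed(method, redirect_code, body=b"a=1"):
    # What the canonical endpoint saw after one redirect hop.
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        payload = body if method in ("POST", "PUT") else None
        status, location, _ = send(server.server_port, method, f"/www/{redirect_code}", payload)
        method, payload = next_request(method, status, payload)
        return send(server.server_port, method, location, payload)[2]
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    print(observed("POST", 302), "|", observed("POST", 307))
```

With a 302 the POST arrives as a body-less GET, so any server-side logic keyed on the request method or on POST data silently sees a different request; with a 307 both method and body survive the hop.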