0

I have a web API that seems to only accept http requests and refuses all https request as they all timeout.

http://api.maxiterations.com/models?companyCode=1&start=0&count=0 -> Works

https://api.maxiterations.com/models?companyCode=1&start=0&count=0 -> Does not Works

A request to my AWS hosted API fails to connect to the application.

However, when it is an https request from the postman to the local host it works properly.

I need assistance on how to get AWS to accept an https request since it seems like my code isn't what's doing the rejection.

Code:

// https://stackoverflow.com/questions/69291182/how-to-reject-requests-in-a-net-core-api-based-on-the-values-sent-in-the-accept
// https://stackoverflow.com/questions/58231669/is-there-any-way-to-block-http-requests-made-by-postman-in-net-core
app.Use((context, next) =>
{
    // if health check call come through allow it to pass
    if (context.Request.Path.ToString().EndsWith('/'))
    {
        return next();
    }

    // if request is from https allow else reject if it is http
    if (context.Request.IsHttps)
    {
        return next();
    }

    context.Response.StatusCode = StatusCodes.Status403Forbidden;
    return context.Response.WriteAsync("HTTPS is required");
});

app.UseHealthChecks("/");
app.MapGet("/models", (string companyCode, int start = 0, int count = 0, DateTime? earliestCreationDate = null) =>
    {
        // Stuff happens
        return enumerable.Count != 0 ? Results.Ok(enumerable) : Results.NoContent();
    })
    .WithName("GetModelsByCompanyId")
    .WithDescription("Returns all models owned by the company using the company code").WithTags("Models").WithOpenApi();

First, I went to Microsoft's website for ASP.NET hoping that the documentation would give me a clue and there was nothing there.

Then I thought since it is on AWS, maybe I'd find a clue in the AWS deployment documenation for dotnet 8 Web Apis but there was nothing about my particular issue.

I then tried googling and stack overflow and still came up empty.

Improve this question
4
  • Postman has a console that shows the entire HTTP request including all the headers. The default http headers in Postman are different from c#. Normally to fix these kinds of issues you need to add missing http headers in the c# code. Take all the Postman Http Headers and add them to the c# code. Commented Aug 16, 2024 at 19:45
  • Do you have an SSL certificate installed in the docker container and have your ASP.NET app configured to serve that SSL certificate? Typically, in an ECS deployment you would have an Application Load Balancer in front of the deployment, and terminate the SSL connection at the load balancer. There is nothing ".NET" specific about configuring an AWS ECS deployment with a load balancer that serves HTTPS connections. Please provide the details of how you have the SSL certificate configured with your load balancer, the target group settings for the HTTPS listener, etc. Commented Aug 17, 2024 at 12:00
  • If you're using the default Dockerfile provided by Visual Studio, it is not configured to serve HTTPS traffic by default because ASP.NET are expecting you to terminate the SSL on a load balancer/reverse proxy and you should do this too. Use HTTPS only on local development using dev certs and in production use TLS termination in the LB. Commented Aug 17, 2024 at 12:12
  • Okay. I will search up on what TLS terminination means and figure out how to do that. As for @MarkB, I just used whatever certificate my teammate had set up for the initial URL. I will look it up and give answers once I have everything. Thank You. Commented Aug 17, 2024 at 15:13

1 Answer 1

Reset to default
0

The solution was performing TLS termination on the load balancer based on the response from @FahmiNoorFiqri.

I used AI to get the steps for creating a proper load balancer and modified them to fix my existing load balancer.

  1. Set your region to the region of the resources Load Balancer.
  2. Go to EC2
  3. There should be a box in the Resource section that has the word "Load Balancer" in it. Click it. If you can't find it, scroll the sidebar down till you see the "Load Balancer" section and click "Load Balancer".
  4. Find the load balancer for the API and click it.
  5. Scroll down to the "Listeners and rules" section. You should see it has a single listener with protocol "HTTP" and port "80". Click the Add Listner button.
  6. Set the new Listeners port to "443" or whatever your SSL port is for your configuration and Protocol to "HTTPS". Select the target group that corresponds to your API.
  7. In the security listener settings, choose which certificate your listener should use. In my case, it came from ACM so I choose "From ACM" and selected the certificate that I added for my API.
  8. Click "Add" button and you should now be able to make https request to your API.

P.S. By deleting, the HTTP listener, you can make it so your API will only accept HTTPS requests.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.