2

We have a server that accepts client certs as a means of authentication. This service subsequently runs Apache and then terminates SSL and ProxyPass'es the request onto our API Gateway endpoint.

What we've noticed is that the API Gateway does a 301 redirect and so our client certificate information doesn't get passed along to the endpoint for AWS Lambda to be able to access.

Does anyone know if there is a work around to this?

Update 1

It seems the 301 redirect was caused by API Gateway redirecting us to HTTPS. The problem now is that it seems if we use the https protocol we get a 500 error back?

ProxyPass /Beta/foo https://<stuff>.execute-api.eu-west-1.amazonaws.com/Beta/foo
ProxyPassReverse /Beta/foo https://<stuff>.execute-api.eu-west-1.amazonaws.com/Beta/foo

Update 2

It would seem if we also enable SSLProxyEngine On and check the Apache error_log we see some of the following errors:

access to proxy:https://<stuff>.execute-api.eu-west-1.amazonaws.com/error/noindex.html failed, reason: SSL requirement expression not fulfilled (see SSL logfile for more details)
[error] (502)Unknown error 502: proxy: pass request body failed to <ip>:443 (<stuff>.execute-api.eu-west-1.amazonaws.com)
[error] proxy: pass request body failed to <ip>:443 (<stuff>.execute-api.eu-west-1.amazonaws.com) from <ip> ()
Integralist
  • 5,899
  • 5
  • 25
  • 42
  • Does `API Gateway` do the 301 redirect every time? Can you provide example URL? It seems you may not have the full path and that's why it's doing the redirect. – adamkonrad Jul 18 '15 at 19:46
  • @napalm yes. it looks to be redirecting to HTTPS, but if we put HTTPS then we get a 500 error – Integralist Jul 20 '15 at 11:09
  • Looks like your Update #2 is showing why the ProxyPass doesn't work. Try mimicking the resource on the first line /error/noindex.html. – adamkonrad Jul 20 '15 at 17:51

0 Answers0