15

I have an AWS ALB configured in such a way that it should REDIRECT (302) requests to https://example.com/api/v1/* to another region. However, it turns out that the REDIRECT functionality of the AWS ALB is changing all HTTP methods (POST, PUT, ...) to GET - so on the target server, I only receive "GET" requests.

Now I don't know whether this is

  1. intended behavior
  2. a bug in AWS
  3. a settings issue

Can anyone help solve the puzzle?

ErikM

2 Answers

15

I think it is intended behaviour.

The issue you are experiencing is composed of the following:

  1. It is not the ALB which changes the method but the client you are using.
  2. AWS ALB does not support the proper HTTP status code you need to redirect POST -> POST which is 307.

Let me explain a little bit more in detail:

  • AWS states: "You can configure redirects as either temporary (HTTP 302) or permanent (HTTP 301) based on your needs." [1] I do not know why they limit their response codes to those two only. That is something you should probably ask the AWS support team.
  • "In HTTP 1.1, there actually is a status code (307) which indicates that the request should be repeated using the same method and post data." [2]
  • There is a thread which explains why the user agents interpret a 302 as a request to redirect via GET instead of POST. [3]
  • You can find the spec in RFC 2616, section "10.3.3 302 Found". [4]
  • You can also read about this behaviour on the man page of the curl command under section "-L/--location" and "--post302". [5]

[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#redirect-actions
[2] https://softwareengineering.stackexchange.com/questions/99894/why-doesnt-http-have-post-redirect
[3] What is the correct behavior expected of an HTTP POST => 302 redirect to GET?
[4] https://www.ietf.org/rfc/rfc2616.txt
[5] https://linux.die.net/man/1/curl

Martin Löper
  • In my case, I was using Postman as client and apparently there is a setting called "Follow original HTTP Method" which is disabled by default. After turning it on POST didn't change to GET. But now it looks like it is missing the body when redirecting. – Jenson Nov 07 '19 at 20:38
  • @Jenson Did you end up finding a solution to POST to an ALB from Postman? I have the exact same issue as you. – Chapo Aug 18 '20 at 08:39
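
The client-side behaviour described in the answer above, as an added example that is not part of the original posts: a constructed local server answers `/redirect/<code>` with the given status, and a minimal client follows the redirect using the default rules of browsers and `curl -L`. The names `Handler`, `send`, `follow`, `demo` and both paths are assumptions made for this illustration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

class Handler(BaseHTTPRequestHandler):
    """Constructed local server: /redirect/<code> redirects, /target echoes."""
    def _serve(self):
        body = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        if self.path.startswith("/redirect/"):
            self.send_response(int(self.path.rsplit("/", 1)[1]))
            self.send_header("Location", "/target")
            out = b""
        else:
            self.send_response(200)
            out = f"{self.command}|{body.decode()}".encode()
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)
    do_GET = do_POST = _serve
    def log_message(self, *args):  # silence per-request logging
        pass

def send(port, method, path, body=None):
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=body)
    resp = conn.getresponse()
    data = resp.read().decode()
    conn.close()
    return resp.status, resp.getheader("Location"), data

def follow(port, method, path, body):
    """Follow one redirect the way browsers and curl -L do by default."""
    status, location, data = send(port, method, path, body)
    if status not in (301, 302, 303, 307, 308):
        return method, data
    if status in (301, 302, 303) and method == "POST":
        method, body = "GET", None  # POST rewritten to GET, body dropped
    # 307/308 fall through: method and body are repeated unchanged
    echoed = send(port, method, location, body)[2]
    return tuple(echoed.split("|", 1))

def demo(status):
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return follow(server.server_port, "POST", f"/redirect/{status}", b'{"id": 1}')
    finally:
        server.shutdown()
        server.server_close()
```

`demo(302)` shows the target receiving a bodiless GET, while `demo(307)` shows it receiving the original POST and its body.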
0

For reference here: We ended up setting up rewrite resp. redirect rules on a proxy running NGINX, where the nginx.conf file provides full flexibility to use redirect 301 / 302 / 307 or 308.

ErikM