
AWS - HTTP API Gateway - How do I block favicon requests?

I'm using an HTTP API Gateway to trigger a Lambda invocation. When I use the URL from Postman, no issues. When I use it from my browser, it always makes a 2nd request, for the favicon.

Is there any way in the gateway itself to block the favicon request from getting to the Lambda?

I'm using the following Terraform:

resource "aws_apigatewayv2_api" "retry_api" {
  name          = "${var.environment}_${var.cdp_domain}_retry_api"
  protocol_type = "HTTP"
  description   = "To pass commands into the retry lambda."
  target        = module.retry-support.etl_lambda_arn
}

resource "aws_lambda_permission" "allow_retry_api" {
  statement_id  = "AllowAPIgatewayInvokation"
  action        = "lambda:InvokeFunction"
  function_name = module.retry-support.etl_lambda_arn
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_apigatewayv2_api.retry_api.execution_arn}/*/*"
}

This won't block the favicon request made from the browser; rather, it won't invoke the Lambda for those requests.

Assuming the API endpoint is /hello and the HTTP method is GET, you can restrict API Gateway to invoke the Lambda for only this URL. The format would be like this:

arn:${AWS::Partition}:execute-api:${AWS::Region}:${AWS::AccountId}:${__ApiId__}/${__Stage__}/GET/hello

So the source_arn in aws_lambda_permission would change to something like this

source_arn = "${aws_apigatewayv2_api.retry_api.execution_arn}/*/*/GET/hello"

The answer assumes the existing /*/* at the end is for apiId and stage respectively. Otherwise, check the value of ${aws_apigatewayv2_api.retry_api.execution_arn} and make modifications accordingly.

This answer can also help. You can provide the OpenAPI specification in the body for your supported path only. For the above case, the relevant path section of the OpenAPI specification invoking a Lambda named HelloWorldFunction would look like:

"paths": {
  "/hello": {
    "get": {
      "x-amazon-apigateway-integration": {
        "httpMethod": "POST",
        "type": "aws_proxy",
        "uri": {
          "Fn::Sub": "arn:${AWS::Partition}:apigateway:${AWS::Region}:lambda:path/2015-03-31/functions/${HelloWorldFunction.Arn}/invocations"
        },
        "payloadFormatVersion": "2.0"
      },
      "responses": {} // Provide the expected response model
    }
  }
}

Here is a link to the OpenAPI Specification.
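As an added example (not code from the question or from either answer), the same restriction can be written in Terraform by dropping the quick-create `target`, which creates a catch-all `$default` route, and declaring only the supported route, so that unmatched paths such as /favicon.ico get API Gateway's own 404 without a Lambda invocation. It reuses the answer's sample `GET /hello` route and assumes that `execution_arn` ends at the API id, so the segments appended to it are stage, method and path; the resource names `retry_lambda`, `hello` and `default` are made up for the example.

```hcl
resource "aws_apigatewayv2_api" "retry_api" {
  name          = "${var.environment}_${var.cdp_domain}_retry_api"
  protocol_type = "HTTP"
  description   = "To pass commands into the retry lambda."
  # No "target" here: quick create would add a catch-all $default route
  # that forwards every path, including /favicon.ico, to the Lambda.
}

# Lambda proxy integration, declared explicitly instead of via quick create.
resource "aws_apigatewayv2_integration" "retry_lambda" {
  api_id                 = aws_apigatewayv2_api.retry_api.id
  integration_type       = "AWS_PROXY"
  integration_uri        = module.retry-support.etl_lambda_arn
  payload_format_version = "2.0"
}

# The only route on the API. Requests that match no route are answered by
# API Gateway itself with 404 and never reach the integration.
resource "aws_apigatewayv2_route" "hello" {
  api_id    = aws_apigatewayv2_api.retry_api.id
  route_key = "GET /hello"
  target    = "integrations/${aws_apigatewayv2_integration.retry_lambda.id}"
}

# Quick create also provided the auto-deploying default stage, so it has to
# be declared once "target" is removed.
resource "aws_apigatewayv2_stage" "default" {
  api_id      = aws_apigatewayv2_api.retry_api.id
  name        = "$default"
  auto_deploy = true
}

# Least-privilege invoke permission: any stage, but only GET /hello.
# Assumption: execution_arn is arn:...:execute-api:<region>:<account>:<api-id>,
# so what follows it is <stage>/<method>/<path>.
resource "aws_lambda_permission" "allow_retry_api" {
  statement_id  = "AllowAPIgatewayInvokation"
  action        = "lambda:InvokeFunction"
  function_name = module.retry-support.etl_lambda_arn
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_apigatewayv2_api.retry_api.execution_arn}/*/GET/hello"
}
```

Running `terraform console` and evaluating `aws_apigatewayv2_api.retry_api.execution_arn` shows the actual prefix, which confirms how many segments the `source_arn` needs.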

Normally, I would do this by putting CloudFront in front of the API Gateway, and map the favicon.ico to an S3 bucket.

If you really want to handle it at the API GW level, you can create a /favicon.ico route, and set the integration to MOCK - this will return a specific value, and not invoke Lambda (or any other back end).

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.