How do I disable AppEngine HTTP Endpoint

Question

I see that my AppEngine endpoint is listening to both HTTP and HTTPS, how do I disable HTTP endpoint?

• http://project-id.appspot.com - I want to disable this.
• https://project-id.appspot.com

Answer 1

If you want to deny requests over http (non-ssl) then check value for X-Forwarded-Proto header and respond with error if its value it http.

This header is added by GAE. https://cloud.google.com/appengine/docs/standard/java-gen2/reference/request-response-headers

X-Forwarded-Proto [http | https] Shows http or https based on the protocol the client used to connect to your application.

The Google Cloud Load Balancer terminates all https connections, and then forwards traffic to App Engine instances over http. For example, if a user requests access to your site via https://PROJECT_ID.REGION_ID.r.appspot.com, the X- Forwarded-Proto header value is https.

Answer 2

You cannot exactly disable it, but you can force a redirect to the HTTPS one.

If the endpoint runs in the standard environment you just need to set the secure: always config for the respective handlers in the app.yaml config file:

always

Requests for a URL that match this handler that do not use HTTPS are automatically redirected to the HTTPS URL with the same path. Query parameters are preserved for the redirect.

If it's in the flexible environment things are a bit more complicated, follow this thread: Force SSL on App Engine Flexible Environment Custom Runtime