Returns 404 when HTTP is disabled

danielhoenig
Participant III

We setup our proxy to only accept HTTPS requests. But when our security audits happen they show a vulnerability that HTTP is still accepted because Apigee returns a 404 with the following HTML. How do we get Apigee to not respond to HTTP requests?

<!DOCTYPE html>
<html>
<head>
 <title>Error</title>
 <style>
 body {
 width: 35em;
 margin: 0 auto;
 font-family: Tahoma, Verdana, Arial, sans-serif;
 }
 </style>
</head>
<body>
 <h1>An error occurred.</h1>
 <p>Sorry, the page you are looking for is currently unavailable.<br/>
Please try again later.</p>
</body>
</html> 
0 1 117
1 REPLY 1

I'd recommend taking a look at your virtual hosts for all your environments and removing any that are configured on port 80. Even if your proxies aren't configured to accept requests on that virtual host the router will still listen on that port.