I have an API running in Google App Engine and I want to introspect HTTP POST body to reject poorly formed calls before it hits my API running in app engine. Is there a way to front an App Engine application whereby I can introspect the URI, the POST body and return a 400 without it actually being processed by my code running in App Engine? Please let me know, thanks.
If you want to inspect HTTP, then you will need to write a proxy application to do so. Neither the Google Cloud Load Balancer nor App Engine support hooking HTTP requests.
Proxies have the MITM (Man In The Middle) problem in that HTTP traffic is often encrypted. You will not be able to inspect that traffic unless your proxy is the endpoint. If you implement your proxy with Apache or Nginx then you can use the ModSecurity project.
Basically, you want to implement a WAF. Google offers Cloud Armor which supports inspecting traffic via Cloud Armor rules.
App Engine Standard supports automatic gzip compression of responses if the client has the correct Accept-Encoding and User-Agent headers set on the request. Info on this can be found here and here.
I am running a project in the App Engine Flexible Beta and it does not auto compress the responses. Is auto response compression present on the Flexible Beta? If not, what is the recommended approach to compress responses?
Presently, App Engine Flexible Beta will not compress responses. Most web servers can be configured to compress responses. Which web server are you using?
I deploy my website to google appengine and I want to take advantage of http/2 (specifically http push) for clients which support it but still serve the bundled version to http/1.x clients.
How can I check the protocol version (using python or even the app.yaml)?
Check the request header for Upgrade or send a 426 upgrade reqd
i'm using https on appengine. i checked not all request are using https spdy in firefox. Is there any thing that need to configure so that all requests are using spdy ?
?
As long as the file is served over https and by appengine servers, then it will be served over SPDY -- if the browser supports SPDY that is. Can't tell from your screenshot.. but if any of those files come from a different origin (ex, a third party widget), then those files may be served over plain HTTPS if they don't support SPDY.
From this question I learned that Google App Engine does not currently support SSL on "custom domains" (at least not as of June 2010, when that question was asked).
Does this mean if I want to host my GAE app on www.mydomain.com, I cannot use SSL?
A few days ago it comes into tests.
Priority:
It is at the top of the Features on Deck list.
http://code.google.com/appengine/docs/roadmap.html
Simultaneous serving:
A custom domain hosted app such as http://www.mydomain.com can still be accessed on its ssl appspot subdomain such as https://yourapp.appspot.com
Issue:
http://groups.google.com/group/google-appengine/browse_thread/thread/844dc97fbfc57bab/0c8651f00072f9ea?lnk=gst&q=ssl#0c8651f00072f9ea
(As the others on here have said) SSL is not currently supported for your own domain. It is aparently on it's way but has been for some time, I believe it is currently only available to a select few Google App Engine for Business customers.
The temporary solution which many (myself included) are using is to setup a reverse proxy from another hosting service (Amazon EC2 in my case) to route SSL traffic.
If your app suits the situation where your URLs are not of importance, you could setup an SSL site somewhere and access your https://xxx.appspot.com version from within an iframe
Either way until GAE offically supports SSL via your Google Apps domains, you will need an external service to workaround it.
Custom SSL is available for App Engine since 27 Jun 2012.
You can setup it from your domain's control panel:
https://developers.google.com/appengine/docs/ssl
All secure traffic with Google App Engine must be served from your appspot.com domain (https://your-app-id.appspot.com). If you are serving your app off of a Google Apps domain, you must direct all secure traffic through your app's appspot domain.
This is what is written in google app engine documentation. That means. SSL is supported on appspot.com domain
You can get SSL to work on your custom domain hosted on AppEngine, however you need to run a reverse proxy that can modify the host header to do so. If you want to setup a reverse proxy yourself, you can do so following these instructions:
http://radomirml.com/2011/01/30/reverse-proxy-for-gae-application-using-nginx-and-ssl
Alternatively, you can use a reverse proxy service like CloudFlare. The process of getting SSL to work with an appspot.com domain is documented on the CloudFlare Blog:
http://blog.cloudflare.com/ssl-on-custom-domains-for-appengine-and-other
You can use wwwizer.com - it is a reverse proxy service with SSL.
You get an individual IP and it is showing your app both on http and https ports. It is cheaper and easier than hosting the whole server yourself.
This is my service, so, yes, this is blatant advertising :-)
Here's a HOWTO I wrote up explaining how to do SSL on your custom domain using CloudFlare:
http://blorn.com/post/20185054195/ssl-for-your-domain-on-google-app-engine
Since Sdk 1.7.0, released at Google I/O, developers can serve their applications via HTTPS on custom domains using both SNI (Server Name Indication) and VIP (Virtual Ip) based SSL.