Amazon ALB - Redirect changes http method to GET

Question

I have an AWS ALB configured in such a way that it should REDIRECT (302) requests to https://example.com/api/v1/* to another region. However, it turns out, that the REDIRECT functionality of hte AWS ALB is changing all http: methods (POST, PUT, ...) to GET - so on the target server, I only receive "GET" Requests.

Now I don't know whether this is

1. intended behavior
2. a bug in AWS
3. a settings issue

Can anyone help solve the puzzle ?

Answer 1

I think it is intended behaviour.

The issue you are experiencing is composed of the following:

1. It is not the ALB which changes the method but the client you are using.
2. AWS ALB does not support the proper HTTP status code you need to redirect POST -> POST which is 307.

Let me explain a little bit more in detail:

• AWS states: "You can configure redirects as either temporary (HTTP 302) or permanent (HTTP 301) based on your needs." [1] I do not know why they limit their response codes to those two only. That is something you should probably ask the AWS support team.
• "In HTTP 1.1, there actually is a status code (307) which indicates that the request should be repeated using the same method and post data." [2]
• There is a thread which explains why the user agents interpret a 302 as a request to redirect via GET instead of POST. [3]
• You can find the spec in RFC 2616, section "10.3.3 302 Found". [4]
• You can also read about this behaviour on the man page of the curl command under section "-L/--location" and "--post302". [5]

[1] https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#redirect-actions
[2] https://softwareengineering.stackexchange.com/questions/99894/why-doesnt-http-have-post-redirect
[3] What is the correct behavior expected of an HTTP POST => 302 redirect to GET?
[4] https://www.ietf.org/rfc/rfc2616.txt
[5] https://linux.die.net/man/1/curl