Home > database >  URLs containing special characters (`<>^|`) blocked by api gateway, never makes it to lambda
URLs containing special characters (`<>^|`) blocked by api gateway, never makes it to lambda

Time:12-04

How can I get requests with urls containing any of these special chars <>^| to make it to my lambda behind api gateway, and not be blocked at api gateway?


Problem: We have a lambda triggered by api gateway, and the lambda responds normally to most requests. But, a url with certain special chars (<>^|) returns a 400 bad_request without ever being delivered to the lambda. When the url-encoded alternative (i.e. | in place of |) is used in the url instead, the lambda responds without issues.

At first, our team presumed that the requests containing these special chars, specifically vertical bar (|), were being blocked by AWS WAF. But the WAF graph doesn't register that the requests ever hit, leading us to think this could be an api gateway issue.


What's been tried: ran the same curl request 10 times against a deployed server. Nine of those times, used a special char in url endpoint, tenth time, used encoded equivalent.

Encoded attempt went through, and lambda responded without issue. All nine other attempts failed, and did not show up in AWS console, or the WAF graph.


Outside of informing our users to always encode these special chars in the url bodies as a 'fix', would super appreciate any insights into this api gateway issue. Thanks.

CodePudding user response:

Not all characters are supported. From docs:

Path segments can only contain alphanumeric characters, hyphens, periods, commas, colons, and curly braces. Path parameters must be separate path segments.

  • Related