I have a self hosted WEB API project that needs to run over HTTPS only.
I found several articles how to do that (get SSL certificate, bind the certificate to the IP/Port using 'netsh' command, change base address to HTTPS://..., etc).
All looks good so far and I can call the service over HTTPS.
But I also need to explicitly reject all HTTP calls. When I try to call the service using HTTP I am getting '504 Timeout" error. And it takes a while to get a response from the service, it's possible to get Denial of Service.
I tried to apply a custom attribute that will check if the request comes over HTTPS but that code is never reached.
What do i need to do in order to reject HTTP calls. Again it's a self host WEB API project.
Thanks
Aucun commentaire:
Enregistrer un commentaire