Score:0

How do I have the root of an AWS API Gateway reject methods other than GET and POST?


I have an API using Lambdas and deployed in AWS. The API is coded in .NET Core and the front end is coded in Angular 15.

I need any method that is not GET or POST to be rejected when it is called from the base URL of the web application. When I test the URL root of my web I always receive a status code of 200. I want to refuse any connection that uses a method other than GET or POST with a status code of 405.

I've tried changing the middleware of each lambda of the API project to reject those connections. It works partially but it is not affecting the root URL of the web.

I have configured the API Gateway in AWS to let only the GET and POST methods pass and nothing else, but it is not working. I added an ANY method to the root of the API Gateway, configured as a mock that returns a 405, and that did nothing either.

I configured only an ANY method in the root of the API Gateway pointing to a Lambda, and in this Lambda I coded the middleware to refuse methods other than GET or POST. That doesn't work either.

Finally, I changed the routing of the Angular front end with an interceptor and a guard as well, to block any connection using a method other than GET or POST. It didn't work and won't work going forward, because they can call the API directly without going through the front end (using Postman, for example).

My guess is that there should be some part of my backend code where I can block the first call to the URL root. But my backend is configured by modules, where each module accepts calls for its specific functionality. There isn't some specific place where I can't block the URL root calls, at least under my limited knowledge.

Can you give me a hand? From my code, from API Gateway, from AWS in general (I can't use AWS WAF), or whatever gives me a chance. Many thanks for your patience.

Tim
Thanks for the new clearer question. Generally my solution to this type of problem would be to use AWS WAF, but you've said you don't want to do that - is that because of budget or another constraint? I don't use API Gateway regularly so I can't help directly, but with this clear question hopefully someone with good knowledge of that product can help.
Kenzo_Gilead
Hi @Tim. Yeah, it is because of a limitation in the budget. OK, many thanks for your interest and many thanks for helping me clarify the question. Have a good day.
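
The method check the question describes (answer 405 to anything other than GET or POST), as an added example that is not part of the original thread or the asker's code. It assumes ASP.NET Core on .NET 6+ with minimal hosting; the two mapped endpoints are hypothetical stand-ins for the application's modules.

```csharp
// Added example: method allowlist as the first middleware in the pipeline.
// Assumes .NET 6+ minimal hosting; endpoint names below are hypothetical.
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;

var builder = WebApplication.CreateBuilder(args);
var app = builder.Build();

// Registered before routing, authentication and static files, so it runs
// for every request that reaches this application, including "/" and
// paths that match no endpoint.
app.Use(async (context, next) =>
{
    var method = context.Request.Method;

    if (!HttpMethods.IsGet(method) && !HttpMethods.IsPost(method))
    {
        context.Response.StatusCode = StatusCodes.Status405MethodNotAllowed;

        // RFC 9110 requires a 405 response to list the permitted methods.
        context.Response.Headers["Allow"] = "GET, POST";

        // Short-circuit: nothing later in the pipeline runs.
        return;
    }

    await next(context);
});

// Hypothetical endpoints standing in for the application's own modules.
app.MapGet("/", () => Results.Ok("root"));
app.MapPost("/", () => Results.Ok("posted"));

app.Run();
```

The check only applies to requests that are actually routed to this application. It also rejects OPTIONS, so browser CORS preflight requests receive the 405 as well.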