How to get major appengine issues fixed?

[Jan Killian]

Hi fellow appengine developers,

we have a major impact issue on an european bank application, which is their first Google Apps and Google Cloud experience. We'd need this to be addressed to keep the trust that Google can provide the service. Is there any option to get such a major issues fixed in a reasonable time? Preferably other than paying for a premier account, which is not needed for this pilot product at this time.

The issue was already reported on appengine public issue tracker for over a month: http://code.google.com/p/googleappengine/issues/detail?id=7979

App Engine returns 403 on http://customdomain, instead of redirecting it to https, when secure:always is set in app.yaml. Authentication for the application is set to Google Apps domain, which may (or may not) play role in triggering the issue.

http://appid.appspot.com redirects correctly to https://appid.appspot.com

http://customdomain -> returns 403

https://customdomain -> works

Thanks for a very good and beautifully designed service otherwise
Jan

[Richard Watson]

One backup is to use Cloudflare.com for the SSL, which allows you to set rules up in a fine-grained way. It adds a bit of complexity to your stack but should get you running within a couple hours, and then you can wait for GAE to help with this.

Personally if it was for a bank app, even a pilot, I'd pay the $500 for support since it'll likely cost you more to work around the problem.

[Ernesto Oltra]

Why don't you program the redirect manually in the meanwhile? It's easy to manage the router to change http to https with only one handler (in fact I do this to redirect my users from the X.appspot.com domain to the X.com one)

On Thursday, October 25, 2012 9:50:16 AM UTC+2, Jan Killian wrote:

[johnP]

That's strange - I just tried testing this on my site, and it does redirect (as far as I can tell... :)  Are you using  VIP SSL?  I am...  Maybe there is a difference in implementation, which makes a difference.  It might be worth the $40/month in your case :)

[Jan Killian]

Thanks for input Richard. Yes, we're going to get the Premium support sooner or later. For now we chosen a quick workaround. Cloudflare looks promising, but is overkill for this, we just implemented the redirects ourselves and did not have to change DNS and SSL. 

[Jan Killian]

Thanks for hint Ernesto, yes, that's exactly what we did, 

The issue has proven link to Google Page Speed service, as Bob discovered. When disabled in application console, the redirect works ok. When re-enabled, it fails again.

The issue is **observed** on production application with PageSpeed, **VIP SSL**, Google Apps domain authorization, Google Apps data set to store in **EU** Data Centers only.

The issue is **not observed** on testing application with PageSpeed, **SNI SSL**, Google Apps domain authorization, without EU data location restriction.

So, the SSL settings may also play role, as johnP noted.

As a temporary workaround, we commented out *secure:always* for the site entry url's in *app.yaml*, and decorated their handler methods with https://gist.github.com/3974365.

There's also stack overflow question on this topic, if you have similar issue, or look for solution.

http://stackoverflow.com/questions/13064081/how-to-get-major-appengine-issues-fixed