Modern HTTP Request activity(UiPath.Web.Activities.Http.NetHttpRequest)consistently returns 403 Forbidden for authenticated GET requests routed through AWS ALB with WAF, while, Legacy HTTP Request acitivity(UiPath.Web.Activities.HttpClient)work correctly with the config (URL, token, and headers).
NetHttpRequest fails because it uses HTTP/2, and AWS ALB/WAF does not reliably process Authorization headers on HTTP/2 GET requests, while HttpClient forces HTTP/1.1 and succeeds.
So for ALB-Protected GET Endpoints, using UiPath.Web.Activities.HttpClient(HTTP Request legacy activity or invoke code).
Maybe forcing or exposing version control for (HTTP1/1 or HTTP/2) option on the modern HTTP Request activity could fix this issue.
Can you check in the aws logs for the exact issue…may be some firewall rules are blocking it to process the request and http/1.1 might be exempted or being over looked
Hi @Anil_G, I have a working solution and wanted to share with the community (NetHttpRequest works actually for POST for auth request, this occurred on GET Request). Hopefully, it can help anyone facing a similar issue. It would also be great if we had the option to choose the HTTP version, maybe through a toggle or setting, as that could make things even easier. For now, I just wanted to share this in case it’s useful to someone.