diff --git a/cmd/e2e-test/basic_test.go b/cmd/e2e-test/basic_test.go
index e9d2f71911..71fd476d17 100644
--- a/cmd/e2e-test/basic_test.go
+++ b/cmd/e2e-test/basic_test.go
@@ -302,7 +302,7 @@ func TestFrontendResourceDeletion(t *testing.T) {
 			}
 			// Wait for unused frontend resources to be deleted.
 			if err := e2e.WaitForFrontendResourceDeletion(ctx, Framework.Cloud, gclb, deleteOptions); err != nil {
-				t.Errorf("e2e.WaitForIngressDeletion(..., %q, _) = %v, want nil", ingKey, err)
+				t.Errorf("e2e.WaitForFrontendResourceDeletion(..., %q, _) = %v, want nil", ingKey, err)
 			}
 			if gclb, err = e2e.WhiteboxTest(ing, s, Framework.Cloud, ""); err != nil {
 				t.Fatalf("e2e.WhiteboxTest(%s, ...) = %v, want nil", ingKey, err)
@@ -333,6 +333,10 @@ func TestFrontendResourceDeletion(t *testing.T) {
 			if ing, err = e2e.WaitForIngress(s, ing, &e2e.WaitForIngressOptions{ExpectUnreachable: true}); err != nil {
 				t.Fatalf("error waiting for Ingress %s to stabilize: %v", ingKey, err)
 			}
+			if ing, err = e2e.WaitForHTTPResourceAnnotations(s, ing); err != nil {
+				t.Fatalf("error waiting for http annotations on Ingress %s: %v", ingKey, err)
+			}
+
 			gclb, err = e2e.WhiteboxTest(ing, s, Framework.Cloud, "")
 			if err != nil {
 				t.Fatalf("e2e.WhiteboxTest(%s, ...)= %v, want nil", ingKey, err)
diff --git a/pkg/e2e/helpers.go b/pkg/e2e/helpers.go
index b3c5c915a2..604078cead 100644
--- a/pkg/e2e/helpers.go
+++ b/pkg/e2e/helpers.go
@@ -60,6 +60,9 @@ const (
 	k8sApiPoolInterval = 10 * time.Second
 	k8sApiPollTimeout  = 30 * time.Minute
 
+	updateIngressPollInterval = 30 * time.Second
+	updateIngressPollTimeout  = 15 * time.Minute
+
 	healthyState = "HEALTHY"
 )
 
@@ -141,6 +144,33 @@ func WaitForIngress(s *Sandbox, ing *v1beta1.Ingress, options *WaitForIngressOpt
 	return ing, err
 }
 
+// WaitForHTTPResourceAnnotations waits for http forwarding rule annotation to
+// be added on ingress.
+// This is to handle a special case where ingress updates from https only to http
+// or both http and https enabled. Turns out port 80 on ingress VIP is accessible
+// even when http forwarding rule and target proxy do not exist. So, ingress
+// validator thinks that http load balancer is configured when https only
+// configuration exists.
+// TODO(smatti): Remove this when the above issue is fixed.
+func WaitForHTTPResourceAnnotations(s *Sandbox, ing *v1beta1.Ingress) (*v1beta1.Ingress, error) {
+	ingKey := fmt.Sprintf("%s/%s", s.Namespace, ing.Name)
+	klog.V(3).Infof("Waiting for HTTP annotations to be added on Ingress %s", ingKey)
+	err := wait.Poll(updateIngressPollInterval, updateIngressPollTimeout, func() (bool, error) {
+		var err error
+		crud := IngressCRUD{s.f.Clientset}
+		if ing, err = crud.Get(s.Namespace, ing.Name); err != nil {
+			return true, err
+		}
+		if _, ok := ing.Annotations[annotations.HttpForwardingRuleKey]; !ok {
+			klog.V(3).Infof("HTTP forwarding rule annotation not found on ingress %s, retrying", ingKey)
+			return false, nil
+		}
+		klog.V(3).Infof("HTTP forwarding rule annotation found on ingress %s", ingKey)
+		return true, nil
+	})
+	return ing, err
+}
+
 // WaitForFinalizer waits for Finalizer to be added.
 // Note that this is used only for upgrade tests.
 func WaitForFinalizer(s *Sandbox, ing *v1beta1.Ingress) (*v1beta1.Ingress, error) {
diff --git a/pkg/fuzz/validator.go b/pkg/fuzz/validator.go
index a896637643..994fefe606 100644
--- a/pkg/fuzz/validator.go
+++ b/pkg/fuzz/validator.go
@@ -29,6 +29,7 @@ import (
 	"github.com/google/go-cmp/cmp"
 	"k8s.io/api/core/v1"
 	"k8s.io/api/networking/v1beta1"
+	"k8s.io/ingress-gce/pkg/annotations"
 	backendconfig "k8s.io/ingress-gce/pkg/apis/backendconfig/v1beta1"
 	"k8s.io/ingress-gce/pkg/utils/common"
 	"k8s.io/ingress-gce/pkg/utils/namer"
@@ -119,7 +120,13 @@ func (a *IngressValidatorAttributes) schemes() []string {
 
 // baseAttributes apply settings for the vanilla Ingress spec.
 func (a *IngressValidatorAttributes) baseAttributes(ing *v1beta1.Ingress) {
-	a.CheckHTTP = true
+	// Check HTTP endpoint only if its enabled.
+	if annotations.FromIngress(ing).AllowHTTP() {
+		a.CheckHTTP = true
+	} else {
+		a.CheckHTTP = false
+	}
+
 	if len(ing.Spec.TLS) != 0 {
 		a.CheckHTTPS = true
 	}