Bin, > Peter: > Our Load balancer uses a VIP to do the redirect, so when a request coming in > as http://lb-api:8080, it changes it into https://lb-api:8443 and submit to > the api server behind. I could not see any redirect logged into the access > log. However, if I submit a request to the api server directly using > http://my-api:8080, I'd see a redirect return code of 302 and another entry > after that with the request to port 8443. Almost make me thing it might be > the load balancer that is redirecting the POST request to a GET. Is that > possible? > > Thank you again,
The redirect takes place in the client. What kind of client do you use? Could you send us the response headers from the two setups? You did not answer on my recommendation to fix the app to be https from the start. In that case the redirect will be unnecessary... Peter > > Bin > > -----Original Message----- > From: Kreuser, Peter [mailto:pkreu...@airplus.com] > Sent: Friday, January 20, 2017 1:43 AM > To: Tomcat Users List <users@tomcat.apache.org> > Subject: AW: https redirect failed for POST request when behind a load > balancer > > Hi Bin > > > > I wonder if the redirect will use a 301 or 302 and that per default results > in a GET. How is this implemented in the loadbalancer? > > > As I read a 307 should preserve the request method. From: > https://urldefense.proofpoint.com/v2/url?u=http-3A__stackoverflow.com_questions_13628831_apache-2D301-2Dredirect-2Dand-2Dpreserving-2Dpost-2Ddata&d=DwIGaQ&c=uilaK90D4TOVoH58JNXRgQ&r=T34XNMuHs99f3YkStEdBgUp9XTcpTRir8U9GVk2H5hQ&m=quLXN4mLB8a4NNSXBq_y8iftNygJUC3ZqeL5gYH46So&s=Cr-WfGYAinyNBtKqFUGgzoXRehN9Mfw-Ssq2Q24Hpvk&e= > > > > > If you want to enforce the redirect to https, you should however consider a > different approach. > > > > If it is necessary to protect the data, no POST should ever go to http/port > 8080, as the data will be open in the first request. > > So in my opinion the calling website/application that is sending the data to > 8080 should be modified in the first place. > > > > Best regards > > > > Peter > > > > > -----Original Message----- > > > From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] > > > Sent: Wednesday, January 18, 2017 11:43 PM > > > To: Tomcat Users List <users@tomcat.apache.org> > > > Subject: Re: https redirect failed for POST request when behind a load > > balancer > > > > > > 1. You know that "api-lb" and "lb-api" above are two different host names? > > > > > > 2. What HTTP response code is send to client to perform the redirection? > > > (What is displayed by access log? Or by "network" monitoring tool in > > browser. What are actual responses to perform the redirection). > > > > > > Some response codes used for redirects allow the browser to change POST to > > GET, some do not. See the HTTP protocol specification for details. > > > https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.apache.org_tomcat_Specifications&d=DwIFaQ&c=uilaK90D4TOVoH58JNXRgQ&r=T34XNMuHs99f3YkStEdBgUp9XTcpTRir8U9GVk2H5hQ&m=g9XvhdAG4g80Ajw7i4CvF3kysWtESxDF6NFX8j630c8&s=mOjl8_uOfuo3lfn8xDS6jwCZao9az7SjXLxgAh-2Twc&e= > > > > > > > > Is redirect performed by a single response, or there are several redirect > > responses in a chain, A -> B -> C/ ? > > > > > > 3. Actual configuration? > > > > > > (For someone else to reproduce the issue or to match your tale to their > > configs). > > > > > > Best regards, > > > Konstantin Kolinko > > > > > > --------------------------------------------------------------------- > > > To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org > > > For additional commands, e-mail: users-h...@tomcat.apache.org > > > > > > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
