Peter:

To answer your questions:

1. The response header when using 8080 to post, I got:

Status Code: 405 Method Not Allowed
Allow: POST
Cache-Control: private
Content-Language: en
Content-Length: 1045
Content-Type: text/html;charset=utf-8
Date: Mon, 23 Jan 2017 18:48:07 GMT
Expires: Wed, 31 Dec 1969 16:00:00 PST
Server: Apache-Coyote/1.1

This agrees with the access log record.

When using 8443 for the same POST operation, I got:

Status Code: 201 Created
Content-Length: 277
Content-Type: application/xml
Date: Mon, 23 Jan 2017 18:51:25 GMT
Server: Apache-Coyote/1.1

This also agrees with the access log record.

For your second question: I understand the risk and consequence of using a redirect for POST. This is just an alternative for us for a short period of time; we will force all our users to move to https before we can shut down 8080 for POST. We are working on that in the meantime.

Thank you very much,
Bin

-----Original Message-----

The redirect takes place in the client. What kind of client do you use? Could you send us the response headers from the two setups?

You did not answer my recommendation to fix the app to be https from the start. In that case the redirect will be unnecessary...

Peter