Score:0

Tomcat HTTP to HTTPS redirect does not change port

de flag

I have problems getting HTTP to HTTPS redirect to work in my Tomcat.

in Server.xml I have the connectors

     <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />

     <Connector port="8443" maxHttpHeaderSize="8192" maxThreads="100"
           minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" scheme="https" secure="true"
           SSLEnabled="true" clientAuth="false"
           sslProtocol="TLS" keyAlias="some_alias"
           keystoreFile="secret-keystore-files"
           keystorePass="Supersafepassword" />

and in web.xml


    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HTTPSOnly</web-resource-name>
            <url-pattern>/*</url-pattern>
        </web-resource-collection>
        <user-data-constraint>
            <transport-guarantee>CONFIDENTIAL</transport-guarantee>
        </user-data-constraint>
    </security-constraint>

HTTPS works fine with no certificate issues, but when I access http://server:8080 I get redirected to https://server:8080 (same port) and not 8443 as expected.

Score:1
it flag
Ben

As already answered:

The problem was due to caching the redirect location in the browser. (Some browsers may handle redirect caching differently)

Make sure not to use the HTTP 301 redirect if you often change the location...

More Information: https://stackoverflow.com/questions/9130422/how-long-do-browsers-cache-http-301s

de flag
Thank you for the answer. Is there any way around this, otherwise I would have to make all users clear their browser cache. I will only make this change once, I hope....
it flag
Ben
You might temporarily add another/additional redirect or something like that. So it could be chain of redirects or you "inject" a dialog for the user to clear their cache. Something like that comes to my mind by solving this issue. Actually the answer is in the link above. Look for: "If you previously issued a 301 redirect but want to un-do that"
Score:0
de flag

Seems there was something left in my Chrome browser. It works in Edge and an incognito Chrome browser

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.