Peter:

Our load balancer uses a VIP to do the redirect, so when a request comes in as http://lb-api:8080, it changes it into https://lb-api:8443 and submits it to the API server behind. I could not see any redirect logged in the access log. However, if I submit a request to the API server directly using http://my-api:8080, I'd see a redirect return code of 302 and another entry after that with the request to port 8443. Almost makes me think it might be the load balancer that is redirecting the POST request to a GET. Is that possible?

Thank you again,
Bin

-----Original Message-----
From: Kreuser, Peter [mailto:pkreu...@airplus.com]
Sent: Friday, January 20, 2017 1:43 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: AW: https redirect failed for POST request when behind a load balancer

Hi Bin

I wonder if the redirect will use a 301 or 302 and that per default results in a GET. How is this implemented in the load balancer? As I read, a 307 should preserve the request method.

From: https://urldefense.proofpoint.com/v2/url?u=http-3A__stackoverflow.com_questions_13628831_apache-2D301-2Dredirect-2Dand-2Dpreserving-2Dpost-2Ddata&d=DwIGaQ&c=uilaK90D4TOVoH58JNXRgQ&r=T34XNMuHs99f3YkStEdBgUp9XTcpTRir8U9GVk2H5hQ&m=quLXN4mLB8a4NNSXBq_y8iftNygJUC3ZqeL5gYH46So&s=Cr-WfGYAinyNBtKqFUGgzoXRehN9Mfw-Ssq2Q24Hpvk&e=

If you want to enforce the redirect to https, you should however consider a different approach. If it is necessary to protect the data, no POST should ever go to http/port 8080, as the data will be open in the first request. So in my opinion the calling website/application that is sending the data to 8080 should be modified in the first place.

Best regards

Peter

> -----Original Message-----
> From: Konstantin Kolinko [mailto:knst.koli...@gmail.com]
> Sent: Wednesday, January 18, 2017 11:43 PM
> To: Tomcat Users List <users@tomcat.apache.org>
> Subject: Re: https redirect failed for POST request when behind a load
> balancer
>
> 1. You know that "api-lb" and "lb-api" above are two different host names?
>
> 2. What HTTP response code is sent to client to perform the redirection?
> (What is displayed by access log? Or by "network" monitoring tool in browser.
> What are actual responses to perform the redirection).
>
> Some response codes used for redirects allow the browser to change POST to
> GET, some do not. See the HTTP protocol specification for details.
> https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.apache.org_tomcat_Specifications&d=DwIFaQ&c=uilaK90D4TOVoH58JNXRgQ&r=T34XNMuHs99f3YkStEdBgUp9XTcpTRir8U9GVk2H5hQ&m=g9XvhdAG4g80Ajw7i4CvF3kysWtESxDF6NFX8j630c8&s=mOjl8_uOfuo3lfn8xDS6jwCZao9az7SjXLxgAh-2Twc&e=
>
> Is redirect performed by a single response, or there are several redirect
> responses in a chain, A -> B -> C/ ?
>
> 3. Actual configuration?
>
> (For someone else to reproduce the issue or to match your tale to their
> configs).
>
> Best regards,
> Konstantin Kolinko
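
The redirect behaviour discussed in this thread, as an added example that is not part of any poster's message or of Tomcat: a small model of how a typical HTTP client picks the method after each redirect status, which also records every `http://` URL the POST body was sent to before the upgrade to https. The host names come from the thread; the `/orders` path and the request body are constructed for the illustration.

```python
from urllib.parse import urljoin, urlsplit

REWRITE_POST = {301, 302}  # clients commonly turn a POST into a GET
REWRITE_ANY = {303}        # "See Other": anything but GET/HEAD becomes GET
PRESERVE = {307, 308}      # method and body are replayed unchanged


def next_method(status, method):
    """Method a typical HTTP client uses for the request after a redirect."""
    if status in REWRITE_POST and method == "POST":
        return "GET"
    if status in REWRITE_ANY and method not in ("GET", "HEAD"):
        return "GET"
    if status in REWRITE_POST | REWRITE_ANY | PRESERVE:
        return method
    raise ValueError(f"{status} is not a redirect status handled here")


def trace(method, url, body, hops):
    """Walk a redirect chain given as a list of (status, Location) pairs.

    Returns (final_method, final_url, body_delivered, cleartext_urls), where
    cleartext_urls lists every http:// URL the request body was sent to.
    """
    cleartext = []
    for status, location in hops + [(None, None)]:
        # The body travels with every request that still carries it.
        if body is not None and urlsplit(url).scheme == "http":
            cleartext.append(url)
        if status is None:  # sentinel: the last request got no redirect
            break
        new_method = next_method(status, method)
        if new_method != method:
            body = None  # the rewritten GET has no request body
        method, url = new_method, urljoin(url, location)
    return method, url, body is not None, cleartext


if __name__ == "__main__":
    start = "http://lb-api:8080/orders"    # constructed path
    target = "https://lb-api:8443/orders"  # constructed path
    for code in (301, 302, 303, 307, 308):
        print(code, trace("POST", start, b"card=constructed", [(code, target)]))
```

With 307 or 308 the POST reaches port 8443 intact, but the body still appears in the cleartext list, because it was already sent to port 8080 before any redirect was seen.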