On 03.05.2017 09:23, Yuval Schwartz wrote:
Thanks, comments below.
On Tue, May 2, 2017 at 10:43 AM, Mark Thomas <ma...@apache.org> wrote:
On 02/05/2017 07:51, Yuval Schwartz wrote:
Thanks, remarks below.
On Tue, May 2, 2017 at 12:12 AM, Mark Thomas <ma...@apache.org> wrote:
On 01/05/17 14:23, Yuval Schwartz wrote:
Tomcat version: 8.0.22
jdk: 1.8.0_05
I have a webapp that uses a tomcat server behind a load balancer.
I recently added a the option to connect to my webapp via https.
I would like to redirect all http requests to https.
I achieved this by implementing the instruction outlined here:
https://elastx.zendesk.com/hc/en-us/articles/214238826-
Force-https-with-Tomcat
However, I notice that this performs a redirect with repsonse code 302
(moved temporarily). I would like the response code to be 301.
I found this bug report on the matter:
https://bz.apache.org/bugzilla/show_bug.cgi?id=59399
Does this mean that in order to achieve a 301 redirect, I need to
update
my
tomcat version?
Yes.
Will this automatically make the redirect use a 301 response code, or is
there a setting that I need to set?
https://tomcat.apache.org/tomcat-8.0-doc/config/realm.
html#Common_Attributes
transportGuaranteeRedirectStatus
Is there anyway to achieve a 301 redirect without updating
the tomcat version?
Without patching Tomcat, no. And that isn't recommended.
Just to be clear, what "isn't recommended"? Not upgrading regularly?
Double negative interrogative forms are hard to answer.
What is not recommended is patching tomcat, for the reason detailed in Mark's next
paragraph below : new minor releases would overwrite your patch.
What is recommended is to keep your tomcat installation such, that installing a new minor
release does not cause grief.
There is information about that in the "/RUNNING.txt" file which comes with every tomcat
release.
I actually didn't know that I should be updating minor versions
regularly.
Is there any recommendation as to the frequency that I should be doing
this?
There is no fixed recommendation. However, the Tomcat team does not
produce patch releases, only new minor versions. It comes down to
whenever there is a bug or security vulnerability fixed that you care
about.
Mark
Thank you.
Mark
Thank you.
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
