tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Forcing SSL use
Date Mon, 07 Mar 2011 20:06:47 GMT
Olivier Lefevre wrote:
> On 3/7/2011 1:27 PM, Konstantin Kolinko wrote:
>> Why do you forbid HEAD? IMHO it should have the same constraints as
>> GET, because browsers use them together.
> 
> OK. That doesn't answer my question, though.
> 
> But in the meantime I realized that in the access log there are pairs
> of entries with status 302 and then 200 for each of these requests.
> Using the Live HTTP headers plugin confirmed the behaviour: the
> server responds with 302 and the https URL, following which the
> browser retries with that URL.
> 
Slightly off-topic, but maybe of interest about the above :
 From previous experience, I remember that at least several versions of IE, systematically

issue first a HEAD request for any request, and then follow-up with a GET request for the

same resource.
Many robots have a similar behaviour : they will first try HEAD (because they are being 
nice and a HEAD is less costly for the server), and only if the HEAD fails, they try a GET.
So only for efficiency reasons, you may want to allow the HEAD requests.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message