tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bin Chen <binc...@vmware.com>
Subject RE: https redirect failed for POST request when behind a load balancer
Date Fri, 20 Jan 2017 22:29:13 GMT
Peter:
Our Load balancer uses a VIP to do the redirect, so when a request coming in as http://lb-api:8080,
it changes it into https://lb-api:8443 and submit to the api server behind. I could not see
any redirect logged into the access log. However, if I submit a request to the api server
directly using http://my-api:8080, I'd see a redirect return code of 302 and another entry
after that with the request to port 8443. Almost make me thing it might be the load balancer
that is redirecting the POST request to a GET. Is that possible?

Thank you again,

Bin

-----Original Message-----
From: Kreuser, Peter [mailto:pkreuser@airplus.com] 
Sent: Friday, January 20, 2017 1:43 AM
To: Tomcat Users List <users@tomcat.apache.org>
Subject: AW: https redirect failed for POST request when behind a load balancer

Hi Bin



I wonder if the redirect will use a 301 or 302 and that per default results in a GET. How
is this implemented in the loadbalancer?


As I read a 307 should preserve the request method. From: https://urldefense.proofpoint.com/v2/url?u=http-3A__stackoverflow.com_questions_13628831_apache-2D301-2Dredirect-2Dand-2Dpreserving-2Dpost-2Ddata&d=DwIGaQ&c=uilaK90D4TOVoH58JNXRgQ&r=T34XNMuHs99f3YkStEdBgUp9XTcpTRir8U9GVk2H5hQ&m=quLXN4mLB8a4NNSXBq_y8iftNygJUC3ZqeL5gYH46So&s=Cr-WfGYAinyNBtKqFUGgzoXRehN9Mfw-Ssq2Q24Hpvk&e=
 



If you want to enforce the redirect to https, you should however consider a different approach.



If it is necessary to protect the data, no POST should ever go to http/port 8080, as the data
will be open in the first request.

So in my opinion the calling website/application that is sending the data to 8080 should be
modified in the first place.



Best regards



Peter 



> -----Original Message-----

> From: Konstantin Kolinko [mailto:knst.kolinko@gmail.com] 

> Sent: Wednesday, January 18, 2017 11:43 PM

> To: Tomcat Users List <users@tomcat.apache.org>

> Subject: Re: https redirect failed for POST request when behind a load balancer

> 

> 1. You know that "api-lb" and "lb-api" above are two different host names?

> 

> 2. What HTTP response code is send to client to perform the redirection?

> (What is displayed by access log? Or by "network" monitoring tool in browser.  What are
actual responses to perform the redirection).

> 

> Some response codes used for redirects allow the browser to change POST to GET, some
do not. See the HTTP protocol specification for details.

> https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.apache.org_tomcat_Specifications&d=DwIFaQ&c=uilaK90D4TOVoH58JNXRgQ&r=T34XNMuHs99f3YkStEdBgUp9XTcpTRir8U9GVk2H5hQ&m=g9XvhdAG4g80Ajw7i4CvF3kysWtESxDF6NFX8j630c8&s=mOjl8_uOfuo3lfn8xDS6jwCZao9az7SjXLxgAh-2Twc&e=


> 

> Is redirect performed by a single response, or there are several redirect responses in
a chain, A -> B -> C/ ?

> 

> 3. Actual configuration?

> 

> (For someone else to reproduce the issue or to match your tale to their configs).

> 

> Best regards,

> Konstantin Kolinko

> 

> ---------------------------------------------------------------------

> To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org

> For additional commands, e-mail: users-help@tomcat.apache.org

> 

>

Mime
View raw message