Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Redirection from http to https - infinite loop

I am working on a Java web app hosted on a Tomcat server. I have to set up redirects from www to non-www and from http to https. I want the following three URLs:

  • http://example.com
  • http://www.example.com
  • https://www.example.com

to redirect to

  • https://example.com

For this purpose, I am using UrlRewriteFilter version 4.0.3 by tuckey.org. Here is my urlrewrite.xml file:

<?xml version="1.0" encoding="UTF-8"?> 
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN" "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd"> 
<urlrewrite> 
  <rule> 
    <name>Redirect www to non-www and http to https</name> 
    <condition type="request-url" operator="equal">(^http://example.com|^http://www.example.com|^https://www.example.com)</condition> 
    <from>^(.*)$</from> 
    <to type="permanent-redirect" last="true">https://example.com$1</to> 
  </rule> 
</urlrewrite> 

The redirects work but the website does not load and the browser shows message:

This page isn’t working
example.com redirected you too many times.

I used a redirect checker and found out that after the initial redirect to https://example.com/, another redirect to https://example.com/ followed and then another one and so on – the URL redirects to itself. I don't understand what produces this infinite loop. Any help would be appreciated!

Update: I have no solution yet. If I remove the first URL from the condition element, the other two redirects work and things are OK but the question is how to set up the redirect from http://example.com.

I tried another approach – setting up the redirect to https in the web.xml file by pasting the following code:

<security-constraint> 
  <web-resource-collection> 
    <web-resource-name>all</web-resource-name> 
    <url-pattern>/*</url-pattern> 
  </web-resource-collection> 
  <user-data-constraint> 
    <transport-guarantee>CONFIDENTIAL</transport-guarantee> 
  </user-data-constraint> 
</security-constraint> 

The result is the same – https://example.com redirects to itself in an infinite loop. The only difference in this case is that the redirects are with status code 302. Any ideas about what causes this problem and how to solve it?

Update: Here is the output of the curl command when using the UrlRewriteFilter:


Results from running: curl http://example.com

Response Header

HTTP/1.1 301 Moved Permanently   
Server: nginx admin   
Date: Fri, 04 May 2018 13:24:16 GMT   
Content-Type: text/plain   
Content-Length: 0   
Connection: keep-alive   
Location: https://example.com/   
X-Cache: HIT from Backend  

Results from running: curl https://example.com/

Response Header

HTTP/1.1 301 Moved Permanently   
Date: Fri, 04 May 2018 11:58:51 GMT   
Server: Apache-Coyote/1.1  
Location: https://example.com/   
Content-Length: 0   
Content-Type: text/plain

like image 844
Rick77 Avatar asked Apr 24 '18 09:04

Rick77


People also ask

What is infinite redirect loop?

What is an Infinite / Looped Redirect? An infinite / looped redirect is a group of 2 or more redirects strung together in a chain that never resolve to a URL that breaks the redirect chain with a non-redirecting HTTP status.

Is it good to redirect HTTP to HTTPS?

Without SSL, your website will show insecure to the visitors. Therefore, using an SSL-encrypted connection for safety, accessibility or PCI compliance reasons is necessary. It becomes very important to redirect from HTTP to HTTPS.


2 Answers

I would simplify the rule like below

<rule>
   <name>Ensure HTTPS</name>
   <condition type="scheme" operator="notequal" next="or">https</condition>
   <condition name="host" operator="notequal">www.example.com</condition>
   <from>^/(.*)$</from>
   <to type="redirect">https://example.com/$1</to>
</rule>

Also make sure the certificate is valid for example.com as well as pointed out in below thread

UrlRewriteFilter: www and https redirect

like image 164
Tarun Lalwani Avatar answered Oct 05 '22 13:10

Tarun Lalwani


My knowledge of curl might be a bit outdated, but I thought you have to do curl -L url to follow redirects.

Also, are you sure the issue is not with your client?

like image 30
Abinash Avatar answered Oct 05 '22 14:10

Abinash