I am working on a Java web app hosted on a Tomcat server. I have to set up redirects from www to non-www and from http to https. I want the following three URLs:
to redirect to
For this purpose, I am using UrlRewriteFilter
version 4.0.3 by tuckey.org. Here is my urlrewrite.xml
file:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 4.0//EN" "http://www.tuckey.org/res/dtds/urlrewrite4.0.dtd">
<urlrewrite>
<rule>
<name>Redirect www to non-www and http to https</name>
<condition type="request-url" operator="equal">(^http://example.com|^http://www.example.com|^https://www.example.com)</condition>
<from>^(.*)$</from>
<to type="permanent-redirect" last="true">https://example.com$1</to>
</rule>
</urlrewrite>
The redirects work but the website does not load and the browser shows message:
This page isn’t working
example.com redirected you too many times.
I used a redirect checker and found out that after the initial redirect to https://example.com/, another redirect to https://example.com/ followed and then another one and so on – the URL redirects to itself. I don't understand what produces this infinite loop. Any help would be appreciated!
Update: I have no solution yet. If I remove the first URL from the condition element, the other two redirects work and things are OK but the question is how to set up the redirect from http://example.com.
I tried another approach – setting up the redirect to https in the web.xml file by pasting the following code:
<security-constraint>
<web-resource-collection>
<web-resource-name>all</web-resource-name>
<url-pattern>/*</url-pattern>
</web-resource-collection>
<user-data-constraint>
<transport-guarantee>CONFIDENTIAL</transport-guarantee>
</user-data-constraint>
</security-constraint>
The result is the same – https://example.com redirects to itself in an infinite loop. The only difference in this case is that the redirects are with status code 302. Any ideas about what causes this problem and how to solve it?
Update: Here is the output of the curl command when using the UrlRewriteFilter
:
Results from running: curl http://example.com
HTTP/1.1 301 Moved Permanently
Server: nginx admin
Date: Fri, 04 May 2018 13:24:16 GMT
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Location: https://example.com/
X-Cache: HIT from Backend
Results from running: curl https://example.com/
HTTP/1.1 301 Moved Permanently
Date: Fri, 04 May 2018 11:58:51 GMT
Server: Apache-Coyote/1.1
Location: https://example.com/
Content-Length: 0
Content-Type: text/plain
What is an Infinite / Looped Redirect? An infinite / looped redirect is a group of 2 or more redirects strung together in a chain that never resolve to a URL that breaks the redirect chain with a non-redirecting HTTP status.
Without SSL, your website will show insecure to the visitors. Therefore, using an SSL-encrypted connection for safety, accessibility or PCI compliance reasons is necessary. It becomes very important to redirect from HTTP to HTTPS.
I would simplify the rule like below
<rule>
<name>Ensure HTTPS</name>
<condition type="scheme" operator="notequal" next="or">https</condition>
<condition name="host" operator="notequal">www.example.com</condition>
<from>^/(.*)$</from>
<to type="redirect">https://example.com/$1</to>
</rule>
Also make sure the certificate is valid for example.com
as well as pointed out in below thread
UrlRewriteFilter: www and https redirect
My knowledge of curl might be a bit outdated, but I thought you have to do curl -L url
to follow redirects.
Also, are you sure the issue is not with your client?
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With