|Summary:||Tomcat doesn't support setting the response code for http -> https redirect|
|Product:||Tomcat 7||Reporter:||Duncan Lyall <lyallex>|
|Component:||Connectors||Assignee:||Tomcat Developers Mailing List <dev>|
Description Duncan Lyall 2016-04-30 15:37:51 UTC
Product: apache-tomcat-7.0.42 Version: 7-0.42 Component: Connector (guess) Platform: x86_64 OS: Ubuntu Linux 12.04.2 LTS and CentOS Linux release 7.2.1511 Severity: enhancement Java: jdk1.8.0_77 Tomcat 7.0.42 used as standalone web server port 80 configured with <transport-guarantee>CONFIDENTIAL</transport-guarantee> in web.xml and <Connector port="80" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="443" /> <Connector port="443" maxThreads="150" scheme="https" secure="true" SSLEnabled="true" keystoreFile="/opt/keys/tomcat.keystore" keystorePass="?" clientAuth="false" keyAlias="tomcat" sslProtocol="TLS" /> in server.xml # curl -D /tmp/headers.txt -s http://localhost # cat headers.txt HTTP/1.1 302 Found Server: Apache-Coyote/1.1 ... It doesn't seem to be possible to configure the response code for the http -> https redirect. Discussions with Google webmasters reveal that Google require a 301 moved permanently response to the http -> https redirect. This is key to maintaining existing rankings Unfortunately Tomcat returns 302 temporary redirect when performing the redirection. Implementing site wide https is also crucial to maintaining rankings unfortunately the benefits of doing this are largley negated by the inability to return the required status code.The only option is to undeploy https thereby once again harming rankings. A good Google ranking is the difference between making a profit and making a loss. Much as I don't like it, that's the way it is unfortunately.
Comment 1 Mark Thomas 2016-06-15 11:12:11 UTC
This has been implemented as a new option in the Realm and will has implemented in: - 9.0.x for 9.0.0.M9 onwards - 8.5.x for 8.5.4 onwards - 8.0.x for 8.0.37 onwards - 7.0.x for 7.0.70 onwards