I’m trying to set up a redirect on some of my websites from http to https.
I’m doing this programmatically in Java, because I have a number of websites running in the same servlet container/web app, and only some of them are hooked up to Cloudflare, so only some of them can use https.
The coding seems quite simple:
    String requestURLLower = req.getRequestURL().toString().toLowerCase();
    if ( isCloudflareSite && requestURLLower.startsWith("http:")) {
        StringBuilder requestURL = new StringBuilder(requestURLLower);
        System.out.println("Got requrl lower " + requestURLLower + " scheme " +
            req.getScheme() + " is secure " + req.isSecure());
        String queryString = req.getQueryString();
        if (queryString != null) {
            requestURL.append('?').append(queryString);
        }
        String link = Strings.replace(requestURL.toString(), "http:", "https:");
        System.out.println("RURLLOWEr redirecting to " + link + " from " +
            requestURL);
        res.setStatus(301);
        res.setHeader( "Location", link);
        return;
    }
When I run this code, the browser redirects too many times and gives an error.
The output from the program after entering that exact url in my browser is this:
Got requrl lower http://www.xxx.com.au/xxx scheme http is secure false
RURLLOWEr redirecting to https://www.xxx.com.au/xxx?page=hello from
http://www.xxx.com.au/xxx?page=hello
And this output was repeated about 20 times from the one page load.
Am I missing something really obvious here, or is Java not detecting the protocol?
The only thing I can think of is that it is related to the https being provided by Cloudflare.
Your SSL status is most likely Flexible, which makes Cloudflare connect via HTTP. That is pretty insecure and you should definitely switch to one of the two Fulls (preferably strict) but this will also require you to configure a certificate on your servlet container (assuming there is no other server in front of it).
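The loop in the question follows from the point made in the reply above: in Flexible mode the proxy fetches every page from the origin over HTTP, so `req.getRequestURL()` always starts with `http:`. The following is an added example, not code from this thread, that decides on the visitor's scheme instead, using the `X-Forwarded-Proto` request header that Cloudflare sets. The class, method and parameter names, the sample host and the `peerIsTrustedProxy` flag are assumptions made for illustration.

```java
import java.util.Locale;
import java.util.Map;

// Added example, not the poster's code. Header names are looked up in lower case.
public class ForwardedSchemeRedirect {

    // Scheme the visitor used. X-Forwarded-Proto is honoured only when the
    // connecting peer is a trusted proxy; anyone reaching the origin directly
    // can forge it. peerIsTrustedProxy is an assumed input, e.g. the result of
    // matching the remote address against the proxy's published IP ranges.
    static String visitorScheme(String containerScheme, Map<String, String> headers,
                                boolean peerIsTrustedProxy) {
        String forwarded = headers.get("x-forwarded-proto");
        if (peerIsTrustedProxy && forwarded != null) {
            // A chain of proxies may send "https, http"; the first entry is the visitor's.
            String first = forwarded.split(",", 2)[0].trim().toLowerCase(Locale.ROOT);
            if (first.equals("http") || first.equals("https")) {
                return first;
            }
        }
        return containerScheme;
    }

    // Returns the https URL for the Location header, or null when no redirect is needed.
    // canonicalHost comes from site configuration (assumption), not from the Host header.
    static String httpsRedirect(String containerScheme, Map<String, String> headers,
                                boolean peerIsTrustedProxy, String canonicalHost,
                                String path, String query) {
        if (visitorScheme(containerScheme, headers, peerIsTrustedProxy).equals("https")) {
            return null;
        }
        return "https://" + canonicalHost + path + (query == null ? "" : "?" + query);
    }

    public static void main(String[] args) {
        String host = "www.example.com"; // constructed sample values throughout
        // Visitor used http: redirect once.
        System.out.println(httpsRedirect("http", Map.of("x-forwarded-proto", "http"),
                true, host, "/xxx", "page=hello"));
        // Visitor used https, proxy fetched over http (Flexible): no redirect, so no loop.
        System.out.println(httpsRedirect("http", Map.of("x-forwarded-proto", "https"),
                true, host, "/xxx", "page=hello"));
        // Direct connection with a forged header: header ignored, redirect issued.
        System.out.println(httpsRedirect("http", Map.of("x-forwarded-proto", "https"),
                false, host, "/xxx", "page=hello"));
    }
}
```

In a servlet, the same decision would take its inputs from `req.getScheme()`, `req.getHeader("X-Forwarded-Proto")` and `req.getRemoteAddr()`.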
But on that page, I found something that I was trying to do myself.
"Always Use HTTPS
Redirect all requests with scheme “http” to “https”. This applies to all http requests to the zone."
That’s exactly what I want, so I’ve changed the setting to always use https.
I’m a bit confused though by your comment “which makes Cloudflare connect via http”. Maybe you mean Cloudflare is connecting to Sportspunter.com through http, but the user is connecting to Cloudflare through https. Is that the way it works?
How will Google see my website with the “flexible” and “always use https” settings in Cloudflare - as using https, or not?