My client browser detects a redirect loop with continuous 3xx error codes when I have a load balancer or reverse proxy in front of the SapphireIMS application server. How do I prevent this?

This behavior typically happens when a client makes an HTTP request to an HTTPS-only application server that sits behind a reverse proxy or load balancer.

If HTTP redirection is enabled on the SapphireIMS application server and the client communicates with the application over HTTP without a reverse proxy or load balancer, the typical flow is:

  1. Client sends an HTTP request to the Server
  2. Server sees that the URL is “http://”
  3. Server sends back a 3xx redirect response telling the Client to go to “https://”
  4. Client sends an HTTPS request to the Server
  5. Server sees that the URL is “https://”
  6. Server sends back the requested web page or data

If a reverse proxy or load balancer is in place and decrypts the traffic before sending it to the application server, the flow is as follows. Here, decryption means that the protocol is changed from HTTPS to HTTP before the request is sent to the application server; this is called SSL offloading or SSL termination.

  1. Client sends the HTTP request to the Proxy
  2. Proxy sends the HTTP request to the Server
  3. Server sees that the URL is “http://”
  4. Server sends back a 3xx redirect response telling the Client to connect to “https://”
  5. Client sends an HTTPS request to the Proxy
  6. Proxy decrypts the HTTPS traffic to HTTP
  7. Proxy sends the HTTP request to the Server
  8. Steps 3 to 7 repeat forever (or until the browser detects a redirect loop)

So how do I prevent this? Have the Proxy tell the Server which protocol the Client used, so that the flow becomes:

  1. Client sends the HTTP request to the Proxy
  2. Proxy sends the HTTP request to the Server
  3. Server sees that the URL is “http://”
  4. Server sends back a 3xx redirect response telling the Client to connect to “https://”
  5. Client sends an HTTPS request to the Proxy
  6. Proxy decrypts the HTTPS traffic and sets the “X-Forwarded-Proto: https”
  7. Proxy sends the HTTP request to the Server
  8. Server sees that the URL is “http://” but also sees that “X-Forwarded-Proto” is “https” and trusts that the request is HTTPS
  9. Server sends back the requested web page or data

In step 6 above, the Proxy is setting the HTTP header “X-Forwarded-Proto: https” to specify that the traffic it received is HTTPS. In step 8, the Server then uses the X-Forwarded-Proto to determine if the request was HTTP or HTTPS.

You will also need to modify the file “standalone.xml”, which is present in the “SapphireIMS\WebManagement\standalone\configuration” folder, and add `proxy-address-forwarding="true"` under the “http-listener” section.
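
The flows above as a small Python model, added here as an illustration and not SapphireIMS or proxy code: it shows that the loop ends only when the proxy sets X-Forwarded-Proto and the server is configured to read it. The function names, addresses, hop limit and the trusted-peer check are assumptions made for the example.

```python
PROXY_IP = "10.0.0.5"   # constructed address of the reverse proxy
MAX_HOPS = 20           # constructed cap standing in for the browser's loop detection

def server(wire_scheme, headers, peer_ip, forwarding_enabled, trusted=(PROXY_IP,)):
    """App server with HTTP-to-HTTPS redirection on. Returns a status code."""
    effective = wire_scheme
    # Assumption: the header is honoured only from the proxy's address,
    # because any client that reaches the server directly can send it too.
    if forwarding_enabled and peer_ip in trusted:
        effective = headers.get("X-Forwarded-Proto", wire_scheme)
    return 200 if effective == "https" else 302

def proxy(client_scheme, client_headers, sets_header, forwarding_enabled):
    """SSL-offloading proxy: the hop to the server is always plain HTTP."""
    headers = dict(client_headers)
    if sets_header:
        # Overwrite rather than pass through, so a client-supplied value is dropped.
        headers["X-Forwarded-Proto"] = client_scheme
    return server("http", headers, PROXY_IP, forwarding_enabled)

def browse(sets_header, forwarding_enabled):
    """Client starts on http:// and follows each 3xx to https://."""
    scheme = "http"
    for hop in range(1, MAX_HOPS + 1):
        if proxy(scheme, {}, sets_header, forwarding_enabled) == 200:
            return ("ok", hop)
        scheme = "https"
    return ("redirect loop", MAX_HOPS)

if __name__ == "__main__":
    for sets_header in (False, True):
        for fwd in (False, True):
            print(f"proxy sets header={sets_header}, server reads it={fwd}:",
                  browse(sets_header, fwd))
    # Constructed request sent straight to the server from an untrusted address.
    spoofed = server("http", {"X-Forwarded-Proto": "https"}, "203.0.113.7", True)
    print("direct request with client-supplied header:", spoofed)
```

Only the combination of both changes returns the page, on the second request; a header supplied by the client itself is overwritten by the proxy or ignored by the server.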