A redirect keeps repeating
Find the first repeated target and the layer that generated it before changing redirect rules.
- redirects
- diagnostics
Diagnostic overview
Symptoms
- A client reports too many redirects or stops after its redirect limit.
- Two or more URLs repeat in the captured redirect chain.
Likely layers
client, proxy, cdn, origin
Common causes
- HTTP-to-HTTPS and HTTPS-to-HTTP rules disagree across two layers.
- Canonical host or trailing-slash rules reverse each other's output.
- A proxy hides the original scheme or host from an application redirect rule.
Diagnostic steps
Capture the first response without automatic redirect following.
Look for: The status, Location, and responding layer establish the first transition.
Follow with a small explicit hop limit and record every absolute target.
Look for: The first repeated normalized target identifies the cycle boundary.
Compare scheme and host forwarding data at the layer that generated each hop.
Look for: Conflicting canonicalization or lost original-request context explains the reversal.
Targeted fixes
- Make one layer authoritative for each canonical host, scheme, and path rule.
- Forward and trust original scheme or host metadata only across controlled proxy boundaries.
- Purge a cached redirect only after correcting and verifying the responsible rule.
Preserve the first hop
Disable automatic following and record status, Location, cache fields, request
ID, and responding layer.
curl --silent --show-error --head https://example.invalid/start
Expected result: one response exposes the first transition instead of hiding the loop behind a final client error. Test only a destination you control or are authorized to inspect.
Find the first repeated target
Resolve relative Location values, normalize only what URI rules permit, and list each hop. The first target that appears twice closes the cycle. Compare the rule and layer that produced the preceding responses.
Fix one authority
Make a single layer responsible for each canonicalization decision. Verify from a clean cache with a bounded follow, then check the original client path. Do not add another redirect to compensate for a rule you have not located.
