I have a Spring MVC application secured with Spring Security. The majority of the application uses simple HTTP to save resources, but a small part processes more confidential information and requires an HTTPS channel. Extract from the security-config.xml : All worked fine until we decided to migrate it to the main server, where the application servers run behind reverse proxies.