tomcat, ssl, http-redirect, cdn

Is it optimal to force SSL on my site at CDN, Web Server or Code level?


We are implementing a redirect rule to force our traffic to SSL. I was wondering what the most optimal way to force all traffic to SSL is. Our architecture has a CDN (Akamai) that is in front of an ELB, which is in front of our web application server (Tomcat).


Solution

  • From https://serverfault.com/a/887312/92022:

    Do it in Akamai. The closer to the edge your redirect takes place, the faster the request response time will be for your users.

    https://blogs.akamai.com/2016/02/redirecting-on-the-edge.html

    If you're confident that you can serve your entire domain over HTTPS now and into the future, then you should also look into enabling HSTS. This will mean only first-time visitors ever get the HTTP->HTTPS redirect; then the HSTS header gets cached in the browser, and thereafter all requests are automatically upgraded to HTTPS by the browser before the request is initiated.

    https://blogs.akamai.com/2016/04/ensure-secure-browsing-with-HTTP-strict-transport-security-HSTS.html

    https://jackiechen.org/2017/11/13/enable-hsts-in-akamai/