This happens when there is some form of SSL offloading, and when the request gets to the Access Gateway (referred to as Ag in this article) and/or the backend the request is in HTTP rather than HTTPS.
In this case we have calling topology of : client -> SSLOffloader -> Access Gateway (Ag)- > backend
So by the time the request gets to to Access Gateway (Ag) or the backend, the Ag or backend believe the request is a HTTP request not a HTTPS request. So If the Ag or backend generates a redirect the location it will specify will likely be a HTTP (port 80) reference rather than a HTTPS (port 443) reference.
For example : with topology of : client --:443 -> SSLOffloader -- :80 -> Access Gateway -- :80 --> backend
The request from the client may be https (port 443) :
But that gets passed to the Ag on port 80, the Ag may detect the "https" but when the Ag passes the request to the backend the backend does not know it is HTTPS request.
So if the backend responses with a 302 redirect it will generally be a 320 redirect to the HTTP (port 80) location eg it returns :
HTTP/1.1 302 Found
That response is returend back to the client, and the client then tries to contact the site www.example.com on port 80, and gets a reject since the SSOffloader /F5 proxy is listening on server on HTTPS (port 443) and not on HTTP (port 80) - so the client gets an error response.