2 redirects to HTTPS

We are in the process of moving to cloudflare for our CMS site hosted in Pantheon.
We started with our 2 test environments, and have noticed something that is not optimal for us.

If you browse to our domain without https://www at the start it redirects twice. First to www and then to https://

So it goes like this :
mysite.c0m > www.mysite.c0m > https://www.mysite.c0m

In our current setup it just goes :
mysite.c0m ? https://www.mysite.c0m

We have set up a page rule, and removed the redirection code from Pantheon. But we cannot figure out why this redirect is happening!

Any ideas?

Is there some redirection setup at Pantheon?

What is the output result when you enter https://www.yoursite.com in this toolbox here?:

You also mentioned you are using WordPress.
Is WordPress installed on www or non-www site?

Maybe this tutorial below can help a bit:

You have mentioned Page Rules. Yes, it can also be done using Cloudflare Page Rules:

Maybe there is some issue due to an selected SSL mode at Cloudflare SSL tab?
Is it Flexible SSL or Full SSL?

1 Like

There shouldnt be. We just removed the code in the config files.
And I am speaking with their tech support and they say it is a cloudflare thing. (Not sure I believe them yet :slight_smile:

Such redirects actually are not getting done by CloudFlare untill you configurate it to do so.
It can be done on your oprigin Server OR on your CMS.
Also please tell us the reidrection Code (302? 301?) if its 301 it anyway will be cached on Clientside and takes a while (untill the cache flushed) untill the client will discard this local redirect.

I would recommend bypassing this with a PageRule like this:

domain.tld/*
Forwarding URL (Status Code: 301 - Permanent Redirect, Url: https://www.domain.tld/$1)

Optional Plus:

activate HSTS and let the bworser do the first redirect (HTTP to HTTPS) internaly.
Then you also do have 2 redirects:

  1. http://domain.tld =(307)=> https://domain.tld (getting done localy and therefore fast!)
  2. https://domain.tld =(301)=> https://www.domain.tld

Looks then like this:

1 Like

I have set up 2 page rules in our test environment in cloudflare.

A 301 redirect from https://mysite.c0m/* > https://www.mysite.com
And an Always Use HTTPS rule on mysite.com/*

But I still see 2 hops. I’m not even sure if that is normal, but google page speed says that is too many redirects.

in GPSI you should never test on the blank domain like http://domain.tld but already on the correct target one as you normally always write the already correct one everywhere so the correct one is the normal startingpoint.

Please adopt to what I have written you above:

as your PageRule is not covering the HTTP, so remove the https:// from the pattern to match both, HTTP and HTTPS also you normally want to append /$1 to the target to make sure you not gonna lose any informations (the path) when redirecting, but thats up to personal preferences.

For better understanding please have a read here at the docs:

and here (like @fritexvz already posted):

1 Like

Ok Thank you.
So I removed the “Always use https” page rule and added one that does :
mysite.com/* >> https://www.mysite.com/$1

So we only have one page rule now. Is that correct?

These things you can configurate globaly to the whole ZONE and therefore you will then not waste a PageRule for:

  • HSTS
  • Always use HTTPS

Yeah thats correct! There are 4 possible entrypoints:

  1. HTTP
  2. HTTPS
  3. HTTP://WWW
  4. HTTPS://WWW (wished target)
. HTTP HTTPS
NON WWW (1) HTTP://domain.tld (2) HTTPS://domain.tld
WWW (3) HTTP://WWW.domain.tld (4) HTTPS://WWW.domain.tld

(1) redirected by PageRule which matches domain.tld/* they are directly redirected (301) to (4)
(2) redirected by PageRule which matches domain.tld/* they are directly redirected (301) to (4)
(3) is getting redirected with a 307 as due to HSTS also directly to (4)
(4) already correct Scheme and wished WWW subdomain.

As 4 is the wished target you will now redirect Always with just 1 EXTERNAL redirect to the wished target and this even without losing the information about the origin path.

After implemented pleas flush Cache and let Google PageSpeed Insights test the blank Domain. It will rank a bit lower, due to the fact redirects take time, but it should not warn about “too many redirects” (not the error, the best practice thing!)

Please report back

1 Like

Yep that works as we want now.

Thank you so much @M4rt1n and @fritexvz !! You guys are awesome.

2 Likes

Might I add the notice that the single redirect from:

http://.domain.tld ==> https://www.domain.tld

does bring in some little thing that is worth noting.

The Website www.hardenize.com for example will trigger a warning as it asumes that HSTS is not working properly. This is due to the fact that the HSTS Location behind your http://.domain.tld version is the https://.domain.tld version, but you directly and without that quickstop in between are getting redirected to https://www.domain.tld (by the PageRule) and it therefore it triggers that warning.
See:

The HSTS then kicks in in the second request as it (internally and locally) redirects you to HTTPS and starts over there, for the second request.

I want to mention, that this method of redirecting anyway is sure and that warning can be ignored as long as you know what you do.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.