Allow HTTP Passthrough on Two URLs

I’ve got two domains setup at CF: example.org and example.com. Both have A records pointing to origin server IPs (2x each, one A record for @ and one for www). Then I have a catchall page rule (redirect) for all non-WWW to WWW HTTPS.

example.com/*
Forwarding URL (Status Code: 302 - Temporary Redirect, Url: https://www.example.com/$1)

This is all working as expected.

Now I also have some legacy software (desktop applications) that need to access two URLs without HTTPS (and I can’t change the desktop software, eg they can’t follow HTTPS redirects). I’ve set up these two URLs with page rules to turn SSL off:

http://www.example.com/version.txt
SSL: Off

http://www.example.com/formdata
SSL: Off

Hoping that any requests to http://www.example.com/version.txt or http://www.example.com/formdata would not be redirected to HTTPS, but they are. I have this page rules above (in the ordered list) the catchall redirect.

Other details are that I’ve got both A records for the COM domain proxied (not sure if this is correct, and I’ve tested turning the orange proxy off for non-WWW).

The ORG domain is not really that relevant here except to say that I have a proxy_pass on my origin Nginx server to pass through requests to /formdata (COM → ORG) where I’ve got an app running on another origin server elsewhere. That part seems to be working on its own but the requests to HTTP URLs mentioned above are still getting redirected to HTTPS.

Note that I’ve got no origin server HTTPS enforcement at all. My Nginx server block is only listening on port 80. The Django app that serves the website doesn’t have any HTTPS enforcement either, so I’m thinking CF is doing this.

Any ideas, thoughts?

In my somewhat frantic attempt to resolve this over the last couple days, I’ve tried variations of several things, but I think those various config changes are not tested enough to write here. The use case above is well tested and has been configured for 15-20 hours.

Are you trying to load with or without www the above URLs? (possible they only work as written, http and www only, maybe the web browser “erases www prefix”?)

I believe if you have enabled the “Always Use HTTPS” option, it would execute before page rules. Can you try to turn it off, then tweak your page rules?

Have you tried adding few more options to your existing Page Rules like Automatic HTTPS redirection and also selecting Off?

Can you access them directly via your host/origin IP address?

What if you add this file to a sub-domain which os not proxied (:grey: cloud) via Cloudflare?
If configured for your sub-domain to work only on HTTP (80) at your host/origin and having :grey:, I believe it should work fine.

1 Like

Thanks @fritexvz !

I tried a few things you mentioned and the thing that worked was to disable Always Use HTTPS under the SSL/TLS section. Then I edited my page rules. I left the two I mentioned in the original question as is, since they were already correct (I don’t want HTTPS on those). But I edited the catchall to this:

*.example.com/
Always Use HTTPS

Now that this is working, the desktop application issue will likely resolve itself.

Thanks again. It’s great learning more about CF’s great service and granular control over things. It’s fabulous. Cheers.

2 Likes

Great one!
@proteomesoftware I am really happy You have managed to find a solution and fix your issue! :wink:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.