Always HTTPS

If i enable ‘always use HTTPS’ this option get also applied on Records that are not proxied (only DNS)?

I seems so?

No. Websites which are not proxied will route the traffic directly to your server instead of Cloudflare, thus Cloudflare can’t enforce HTTPS for you.

I’m not sure about this, because I don’t have a configuration for 301 redirection for non-https in my webserver and still if I don’t use https the site is 301 redirected to https.

And the site is not proxied.

What’s your website?

https://mx.s3cured.pw (Mail-Server)

If i use http://mx.s3cured.pw OR https://mx.s3cured.pw i always end up with HTTPS.

The domain mx.s3cured.pw / s3cured.pw is not proxified

Your HSTS policy is forcing HTTPS:

You have the strict-transport-security header being set here by your nginx web server:

2 Likes

But my config doesn’t set HSTS, when its set by cloudflare?

This header was set by your server itself. Not Cloudflare. You may need to check any web server configuration that adds strict-transport-security header.

1 Like

Yes you are right, i checked an HSTS is set by the webserver, so this setting is the reason why i get redirected from http to https, right?

1 Like

Yes, this forces every browser to redirect any HTTP links to HTTPS links. And if HTTPS pages can’t be loaded (due to expired SSL cert, SSL striping attacks, etc.), the browser will display an error message and the user has no way to bypass the error and visit your website.

Thanks I’m new to this all I apologize

I have learned that, HSTS is not a HTTPS redirect! It works very different.

So cloudflare must have a hand in this somehow with the option mentioned in the startpost

Technically no, but browsers redirect HTTP links to HTTPS links automatically with HTTP 307 (Internal Redirect) once it knows this website has HSTS enforced. The link was not redirected with HTTP 301 OR 302.

1 Like

Check this screenshot.

1 Like

But a curl -I http://mx.s3cured.pw gives me a 301 redirect. I don’t understand why.

image

Can you check your web server config for any redirect done from server side?

As the developer of the mailserver software told me, such a configuration is not built into their server.

Here you can see the whole code of the containers here:

And there is no such redirect on nginx configuration.

Hence my assumption that this forwarding comes from the side of cloudflare, because cloudflare forwards here 301 if the above option is enabled, maybe the setting refers to records that are not proxified also? :thinking:

This is not possible. This 301 response was returned by your server and I can see your server IP address instead of Cloudflare IP address - also the server header mentions nginx but not cloudflare.

Perhaps 301 was returned by the app itself?

Try to dig into your nginx access logs. You may see some lines with 301.

Anyway thank you for your help and commitment, according to the developer no redirect is made from the app and nginx.

Also I could not find such in the config of the linked project after my research.

I really don’t know where the redirect comes from.

1 Like