Always Use HTTPS by default?

Hello,

One question about the option “Always Use HTTPS”
By default in my panel stay in OFF and when add one domain I need to go to SSL/TSS > Edge Certificates > and click in ON button to Always use HTTPS.

Have any possibility to working in ON by default in my panel? To avoid go to this option one by one domains I add to cloudflare.

Thanks!

I wish. But, no. Every hostname should respond to HTTP, so it’s always a “safe” bet. Not desirable, but a customer won’t start with a broken website right off the bat.

As it looks like you’re planning on bulk adding websites, it may be a good time to whip up some API scripts that pull a list of domains on your account, then hit each one on that list with settings you want.

Granted, it’s a one-size-fits-all approach, but if those are your “Must Have” settings, it should be safe.

2 Likes

The OP’s hosts only respond to HTTP :wink:

Oh…then why are they trying to enable HTTPS Only? That sounds broken.

2 Likes

Not true.

Thanks sdayman.
Its a pity not possibility to active by default for all domains.
About working with API, Yes, I’m new to this but as you said… may be a good time to whip up some API scripts.

Thanks,

Well, you explicitly said you do not have a proper SSL setup and that you do not care that this is insecure.

1 Like

Yes Sandro…
I am a domain broker and working with more than 500 domains with landings.
This landings only have the name of domain and a small text with a telephone number and e-mail. NO MORE.

My landings they where with non HTTPS but with some Google Chrome updates block this sites often with a text stating that they are not safe.

And yes I said do not have a proper SSL Setup (ony have Flexible SSL in Cloudflare) and do not care that this is insecure. Only need HTTPS to avoid the warning text what google indicates.

But now with Flexible SSL, in the Chrome navbar view HTTPS and I no longer get the insecure page error.

Precisely what I said.

Nope. You said: “The OP’s hosts only respond to HTTP”
And this is not true.

If I activate “Always Use HTTPS” in Cloudflare with Flexible SSL my host responde to HTTPS.
any visitor typein in nabvar midomain.com go direcltly to: https://midomian.com/

Of course, it’s true. You just confirmed that none of your servers has a proper SSL setup.

And that would be correct. No matter what you put on the page, your traffic can be intercepted and injected with whatever an attacker wants: malware, phishing links, etc.

Not has a proper SSL setup but all working with “HTTPS:”
And what is the problem for this thread ?
I have only asked to activate an option within the cloudflare panel.

It’s all at Why you should choose Full Strict, and only Full Strict.

As long as you have the encryption mode you currently have, your site is not secure. That’s it.

1 Like

It’s not authentic HTTPS. When we work on solutions, we try to provide quality responses, not promote fake snakeoil configurations.

3 Likes

Yes, I know it’s a problem but I am amateur with this and for this moment my pages only working with Flexible SSL if I put all with Full in Cloudflare the landings do not load and I do not know why or where is the problem.

I promise to review it to be able to have everything correct.

1 Like

Fair enough, but then you should hire a professional to do it properly.

Right now you simply have a broken setup and put your visitors’ security at risk. And actually it is pretty easy to secure everything properly anyhow, so I am not sure what the issue is in the first place.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.