Change security mode for ssl only primary domain and not subdomains

Hello,
I have a question please. Lets suppose that my domain is computer[.com My domain has public website and it dns proxied by Cloudflare.
I wish to change the security settings in Cloudflare to Full (Strict) for my primary domain only computer[.]com, not for subdomains.

How can I do it?

Thanks

The answer is on the screenshot you shared:

1 Like

Thank you.
Should I configure in this page only these fields like this?
When incoming requests match:
Hostname equals: computer[.]com (or should I do computer[.]com/*?)
SSL (optional): Strict

Or I should I do something more/else?

Thanks

Please help

The former. The latter has two problems. Equals would not match a wildcard no matter what you are doing, and the hostname does not include the path.

(http.host eq "example.com")

If you wanted to set this option for a few hostnames you could use something like this:
(http.host in {"example.com" "beta.example.com"})

Personally, I would reverse the logic here. Set Full Strict as the zone level setting, and then use a Configuration Rule to set Full for the hostnames that currently do not have valid certificates. Then work through the list of servers to resolve any certificate issues preventing them from being Strict.

1 Like

Thank you so much!
Regarding changing the logic - you are correct. I will take it as a project.

Thank you so much again.

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.