Cloudflare seems to be serving traffic over HTTP even though HTTPS-only mode is enabled

hamishmb · July 14, 2022, 12:28pm

Answer these questions to help the Community help you with Security questions.

I’m not sure if this is the right place for this question or not, so apologies if not.

What is the domain name?
hamishmb dot com

When you tested your domain using the Cloudflare Diagnostic Center, what were the results?
N/A

Describe the issue you are having:

The Cloudflare stats still show a small amount of traffic being served over HTTP, even though I have HTTPS-only enabled. Why might this be? I’m not sure if this is just the redirects to HTTPS being shown, or not.

What error message or number are you receiving?
N/A

What steps have you taken to resolve the issue?
None, because I don’t know if this is a problem.

Was the site working with SSL prior to adding it to Cloudflare?
Yes.

What are the steps to reproduce the error:
N/A

Have you tried from another browser and/or incognito mode?
N/A

Please attach a screenshot of the error:
N/A

sandro · July 14, 2022, 12:36pm

That.

Your site generally redirects fine to HTTPS

$ curl -I http://hamishmb.com
HTTP/1.1 301 Moved Permanently
Location: https://hamishmb.com/

So any HTTP requests will be those which were redirected to HTTPS by Cloudflare.

You can enable HSTS (assuming you do not intend to use HTTP) but that won’t be a guarantee for no HTTP requests either, as only browsers will follow that.

As far as I can tell, your site is properly configured.

hamishmb · July 14, 2022, 12:47pm

Cheers, thanks for double-checking for me.

system · July 17, 2022, 12:47pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.