CloudFlare Workers - Disable HTTPS

I am working on an IoT project which uses GRPS-enabled sensors to report the temperature of whatever they’re attached to.

These sensors are only capable of HTTP POST, they cannot use HTTPS. I have no influence over the sensors, so I can’t do anything about them specifically; unfortunately.

The sensors only submit a “device_id”, timestamp and temperature reading. There is no risk to this data being captured by third-parties and spoofing is not a concern either. So while it’s unfortunate that the sensors don’t support HTTPS, it’s not considered a risk so much as an annoyance.

I’ve created a CloudFlare Worker to accept the HTTP POST messages from the sensors, it does some text manipulation then passes it along to another third-party API.

CloudFlare workers are almost perfect for this, but I’m not aware of any means by which to enable plain-text HTTP. I’m currently using a self-hosted nginx reverse proxy to expose regular HTTP, for testing - but this isn’t feasible in the long term.

Is there a way to enable plain-text HTTP on Worker?

Based on the subdomain you configured for the Workers route, you can actually create a page rule for the subdomain URL and set the SSL mode to Off.

3 Likes

Thank you - this worked.

I have two domains: example[dot]com and example[dot]org

I was unable to get this to work on example.com for some reason, probably because the option “Always Use HTTPS” is enabled for the domain as well as HSTS.

But example.org is configured with the CloudFlare defaults and the rules in your example did work, which is perfect. Thank you.

1 Like

Yup. HSTS will prevent browsers to make HTTP connections. But since your IoT device is not a browser, I don’t think it will respect HSTS headers.

Perhaps you can try to disable Always Use HTTPS at the global level, and create page rules for each of the subdomain that requires Always Use HTTPS.

You are welcome.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.