I began using Cloudflare about a month ago.
Before Cloudflare, my PHP script would handle any non-SSL requests by issuing a 301 redirect to the correct SSL-based URL.
I would like this behavior to continue since onboarding onto Cloudflare, but it is not working.
My SSL/TLS encryption mode is Full (strict). The origin server has its own EV SSL certificate.
When I began using Cloudflare, I came across the problem that if a non-SSL request is made when the “Always use HTTPS” option is disabled, a 307 redirect occurs to the SSL-based version of the URL. When the “Always use HTTPS” option is enabled, a 301 redirect occurs to the SSL-based version of the URL.
This is not the desired behavior because our URL structure has changed over the past 20 years that the website has been running. Most of the incoming links we have pointing to our site from 10+ years ago were before we switched over to HTTPS, and they are in our old site structure.
If our PHP script on the origin server detects a non-SSL request, it issues a 301 redirect to an SSL page that uses our new URL structure. Additionally, if our PHP script on the origin server detects a URL in the wrong structure, it issues a 301 redirect to the new URL structure.
Since using Cloudflare, HTTP->HTTPS URL rewriting seems to always happen on the edge. Therefore, two redirects are occurring one after the other: first HTTP to HTTPS, and then a second from our old URL structure to our new URL structure. This is both inefficient and is bad for SEO. The desired behavior is to allow my PHP script to handle a single 301 redirect to an HTTPS URL with the new site structure.
In any case, a few weeks ago, I enabled HSTS. Now, it doesn’t matter if I have “Always Use HTTPS” enabled or disabled. Either way, it issues a 307 Internal Redirect to the SSL version of the same URL.
Is there any way to revert to pre-Cloudflare behavior here?
I don’t have much experience with workers, but could a worker be issued to call the origin server for non-SSL requests?