Firewall preventing HSTS Preload

Hi, I know that this has been a topic here already - but I have not found a solution yet.

If I want to add my site to hstspreload, it says that HTTPS rerouting is not enabled. I guess it is related to the Bot Fight Mode of Cloudflare. When I turn off security, it works.

Is there any firewall rule I could apply to fix this?

Any idea is highly appreciated. Best regards, Gerald

Which Bot Fight mode are you using? Is it regular Bot Fight mode, or is it one of the Super Bot Fight Modes?

I do have a Firewall Rule to “Allow” such connections because I have rules farther down that would typically block them.

Thanks! I use the regular/free account, i.e., the normal Bot Fight Mode. Your suggestion didn’t work; hstspreload still tells me that my website is not redirected to HTTPS.

I have another domain which is on a Cloudflare premium account with Super Bot Fight Mode. Interestingly, here hstspreload works without any additional rule.

Regarding the regular Bot Fight Mode, I just couldn’t figure out the IP, referrer or whatever to create an appropriate firewall rule. For the time being, I have disabled Bot Fight Mode, but this is, of course, not a good solution.

Now you’ve jinxed me. They’ve changed user agent strings, and for the life of me, I can’t get my Allow rule to work.

I can only guess that my setup no longer works only because it wasn’t blocked by Bot Fight Mode, but by my ASN block, so my exception worked before. But now the HSTS bot is tripping Bot Fight Mode, so Firewall Rules won’t work there. So much for that. :slightly_frowning_face:

I know what you mean. I tried almost everything and couldn’t get it to work. Interestingly, with a pro account, it works, so there must be a rule which is automatically included in the pro super-bot option.

What I did:

  1. I disabled the bot protection
  2. I set up firewall rules to protect against the most known (bad) bots. I followed this tutorial (How to Use Cloudflare Firewall Rules to Protect Your Web Application), example 3, copied/pasted it - and then hstspreload works :slight_smile:

But that is not optimal; I hope that someone comes up with a firewall rule soon. Best,

