Hello, I have Let’s Encrypt and auto https redirects on my server/site they work perfectly but when I use firewall rules to block some pages when accessing the pages and being blocked, the page uses HTTP and doesn’t redirect to https. I already tried clicking HTTPS redirect on Cloudflare ssl/tls page doesn’t seem to do anything. wondering if this is normal.
Are you saying that your Cloudflare Firewall Events logs a lot of http requests that were blocked by your rules? This is normal, as many bots and botnets use http to probe websites, and Cloudflare will block the attempt, often before the http to https redirection takes. place.
For example if I type http:// then site address they will all redirect to https:// or if I just enter the url starting with www.
But for some reason if I block a page for example my WP login , if I type www.then the url it automatically goes to http and shows the blocked Cloudflare page . If I type http:// then the url address ,it will also use http but if I type https:// it will use that.
Question is why doesn’t it auto redirect when the firewall block page comes up.
Only if the page is blocked by the firewall will it allow http otherwise http won’t work at all.
That’s standard browser behavior. If you do not enter the protocol, it assumes http.
Now you’re telling the browser you want to use https, and so it requests the page over https.
The redirection is done either by Cloudflare (if you set Always Use HTTPS), or by your origin server. As I have said before, if your Cloudflare Firewall Rules tell Cloudflare to block the request, why would it redirect before blocking?
I thought this too but I tried on someone else’s Cloudflare and it redirects the block page and doesn’t allow http.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.