Hello all,
What options do I need to turn off, so that an incoming HTTP request does not get converted to HTTPS? I am trying to determine the HTTP traffic that is coming in, so I can inform those that they need to update URLs. I just want it to fail and not connect.
Thanks,
Steve
This will be a bit tricky, as mainstream browsers automatically switch requests to HTTPS when SSL is available, so such requests will never be HTTP, even if the original URL indicated that protocol. And you probably do not want to disable SSL altogether.
However, if you just want to cover the requests which actually get sent on HTTP, you only need to make sure Always Use HTTPS is not enabled, and Cloudflare will not redirect HTTP requests automatically.
Also make sure your encryption mode on Cloudflare is Full Strict.
Right now the encryption mode is Full, not Full Strict. I have turned off Always Use HTTPS, so then it has to be what you said about SSL.
That’s an outdated legacy mode and does not provide encryption. It should always be Full Strict.
With that setting, your server will not get HTTP requests, unless they were already elevated by the browser, which mainstream browsers do, so I’d adjust expectations.
But do change to Full Strict, otherwise you have no proper encryption anyhow.
Thank you for that. I will work on getting Full Strict into place.