Https redireciton page rule has stopped working

Hi all,

Firstly, Is the support broken? I can’t choose a domain from the box i nthe domains issue section…

Anyway I’ve had a rage rule setup for over a year for redirecting all suddomains to https with the following rule:

*.domain.com/

This has worked fine until recently for www and another subdomain which we use for our main store, but now instead returns a 200 error and broken pages as it won’t redirect.

I’ve had issues with workers / page rules intermittantly stop, but not he ssl redirection.

Any help would be apreciated!

Thanks

Could you send a screenshot of the full page rule?

Hi Albert,

Wow that wwas fast! Yes no problem please see below;

This post was flagged by the community and is temporarily hidden.

The HTTPS redirect seems to work when the path is not / - for example, /test redirects just fine. Only the first page rule is applied to a request so perhaps you have another page rule that matches exactly /?

I’m also a bit confused as to why *.example.com/ matches paths other than / as there’s no wildcard.

From Understanding and Configuring Cloudflare Page Rules:

To match every page on a domain, write example.com/* . Just writing example.com won’t work.

EDIT: redacted domain by request from webdev3

the other 2 page rules just to bypass the cache with specific urls

Very odd as you’re right the /test works but then this doesn’t;

Could you try changing the Page Rule to cover *.example.com/*? (Or *example.com/* if you want the apex domain covered as well).

Also, /test worked because you’re doing redirects at the origin, but only on the www subdomain:

[[email protected] ~]$ curl -I http://www.example.com/some/path
HTTP/1.1 302 Found
Date: Thu, 14 Oct 2021 12:32:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Location: https://www.example.com/some/path
CF-Ray: 69e0d4962efa1d1a-CPH
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Expires: -1
Set-Cookie: PHPSESSID=pucp4nbj3v1fq9t7nhb37am77s; expires=Thu, 14-Oct-2021 13:32:26 GMT; Max-Age=3600; path=/; domain=.example.com; HttpOnly; SameSite=Lax
Vary: Accept-Encoding
CF-Cache-Status: DYNAMIC
content-security-policy: upgrade-insecure-requests;
pragma: no-cache
x-cache: MISS
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rJZZedwxgWVaXw64%2FxHxGWNl4cYOxgS7GdJ3IZ1jOhitv89LU7bvl6F78yxfea4%2B6Wc91Fnn%2BI%2F6xn6LQdo3j%2B4DAi%2FyoeP9OSisFDBuj%2F6IyMq%2Bno7htQwtQ0DP6fec2g%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

EDIT: redacted domain by request from webdev3

Actually, is there a reason you don’t just toggle it in the dashboard?

1 Like

Could you give a screenshot of the Page Rules tab from your dashboard?

1 Like

@albert I’ve been advised to remove mentions of our assets as this is public, so could I ask you to change the domain in your replies please?

Also I tried using the ssl settings when the domains were originally brought in, but generally changing anything would effectively take the sites down for at least a day while some caches cleared, and then would usually come up with an ssl error until reverted back to default full setting.

I’ve come up with using a worker to do this instead which so far seems to be working;

let requestURL = new URL(request.url)
let path = requestURL.pathname//.split(’’)[1]
let proto = requestURL.protocol

/if (proto != ‘https:’) {
return Response.redirect(‘https://’ + requestURL.hostname + path, 301)
}
/

@michael please see below;

Only one Page Rule will ever be executed on a request. The Page Rules are evaluated from top to bottom, and the first match will be executed. So the second page rule here will be executed for the subdomain, and the third will not be executed for that subdomain.

@Albert asked why you don’t just use the “Always Use HTTPS” setting. Seems to be the easiest way to get your desired outcome, and will not interfere with anything else (and be cheaper than Workers).

You know it’s possible to see what the post looked like before the edit right?

Indeed, editing just makes it not show up in search results :slightly_smiling_face:

Ok, got it!