I was somehow able to access http:// when I set a page rule to force https:// on every part of the domain

So, I went to my website at 3:28 PM and I was somehow able to access http:// when I set a Cloudflare page rule to force https:// on every part of the domain (even sub-domains)…

I verified that this happened by going to cPanel -> Visitors and sure enough there was a log saying my IP accessed the site using http:// and not https:// (screenshot below).

(The second listing that says “faded.pw” is only shown when http:// is accessed by an IP; it usually only shows “faded.pw (SSL)” because my Cloudflare page rule redirects all traffic to https://.)

Here’s the page rule I set:

I’m wondering how this happened as I set a page rule to force https:// and do I have to worry about security now?

Which page was that? I see the redirect on my end on the home page…

You can remove the http:// in front of the rule, it’s not necessary even if it doesn’t actually cause harm…

It was the home page (https://faded.pw)

Then it’s fine on my end. Can you repeat the problem?

Hosts file, origin host cached in DNS or Cloudflare paused would be the most likely causes.

2 Likes

Thanks for your post

Thank you so much for this. I was into this issue and tried to tinker around to check if it's possible but couldn't get it done. Now that I have seen the way you did it, thanks guys.
With regards

There are two related but separate connections you can force over HTTPS.

User to Cloudflare
Cloudflare to Origin

Your page rule sets the first, so users are forced to talk to Cloudflare over HTTPS.

But you probably have SSL Mode set to ‘Flexible’. Set this to ‘Strict’ on the SSL/TLS app (impacts all your Orange clouded DNS entries) or set a page rule to be a bit more granular. This will force Cloudflare to make all requests to your backend over HTTPS.

There is also a setting on the SSL/TLS app for ‘Always use HTTPS’ that will force HTTPS for all Orange cloud hostnames also, without a page rule.
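An added example, not part of any post in this thread: a Python check that sends one plain-HTTP request without following redirects and reports whether Cloudflare answered and whether it redirected to HTTPS. It assumes a proxied response carries a `CF-RAY` header or `Server: cloudflare`; the function names, finding labels and sample responses are constructed for illustration.

```python
import http.client
import sys

REDIRECT_CODES = (301, 302, 307, 308)

# What each finding points to, using the causes named in this thread.
ADVICE = {
    "edge-redirect": "Cloudflare answered and redirected to HTTPS.",
    "edge-no-redirect": "Cloudflare answered without redirecting: check "
                        "the page rule pattern or 'Always use HTTPS'.",
    "origin-redirect": "No Cloudflare headers: the request skipped the "
                       "proxy and the origin itself redirected.",
    "bypassed-cloudflare": "No Cloudflare headers and no redirect: check "
                           "hosts file, cached DNS, or Cloudflare paused.",
}

def classify(status, headers):
    """Label a plain-HTTP response by who answered and whether it redirected."""
    h = {k.lower(): v for k, v in headers.items()}
    via_cloudflare = "cf-ray" in h or h.get("server", "").lower() == "cloudflare"
    location = h.get("location", "").lower()
    to_https = status in REDIRECT_CODES and location.startswith("https://")
    if via_cloudflare:
        return "edge-redirect" if to_https else "edge-no-redirect"
    return "origin-redirect" if to_https else "bypassed-cloudflare"

def probe(host, path="/", timeout=10):
    """Send one GET over port 80; http.client never follows redirects."""
    conn = http.client.HTTPConnection(host, 80, timeout=timeout)
    try:
        conn.request("GET", path, headers={"User-Agent": "redirect-check"})
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()

# Constructed sample responses (not captured from any real site).
SAMPLES = [
    (301, {"Server": "cloudflare", "CF-RAY": "0000000000000000-XXX",
           "Location": "https://example.test/"}),
    (200, {"Server": "cloudflare", "CF-RAY": "0000000000000000-XXX"}),
    (200, {"Server": "Apache"}),
]

if __name__ == "__main__":
    # With a hostname argument, probe it; otherwise walk the samples.
    inputs = [probe(sys.argv[1])] if len(sys.argv) > 1 else SAMPLES
    for status, headers in inputs:
        finding = classify(status, headers)
        print(status, finding, "-", ADVICE[finding])
```

This only covers the user-to-Cloudflare leg; whether Cloudflare talks to the origin over HTTPS is decided by the SSL mode and is not visible from the client side.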
