Minimizing Redirects

ssl
pagerules

#1

I am new to Cloudflare and was wondering if you could provide some assistance on how I can minimize redirects on my domain.

I have noticed that once activated, my domain has 2-3 additional redirects for “www” and “no www” addresses.
For example:
“www” - (h)ttp://www.abc.com -> (h)ttps://www.abc.com -> (h)ttps://.abc.com
“no www” - (h)ttp://abc.com -> (h)ttp://www.abc.com - > (h)ttps://.abc.com

I managed to minimize the “www” redirect by disabling “Always use HTTPS” since my hosting already enforces HTTPS on the SSL, so that is solved.

As for the “no www”, I am still receiving 3 redirects. How can I fix this? I have tried disabling other components, used different SSL settings, and page rules, but I am still receiving the same outcome.

Note: I had to use (h) as I am a new user and I was not allowed to add more than two links, but they are used for reference purposes only.

Please assist. Thank you.


#2

That “no www” redirect chain looks wrong. That one should have been only one redirect: http -> https

But here are two steps to reduce redirects:

  1. Turn on HSTS for your domain and subdomains on the Cloudflare Crypto settings page. Then head over to hstspreload.org and submit your domain for the preload list. Browsers use this list to automatically use https for your site. Whatever tester you used might not use the hsts preload list, but the real world will.
  2. Turn off “Always Use HTTPS” from the Cloudflare Crypto page. Now set up two page rules: Match http://example.com/* and forward it to https://example.com/$1 … Match www.example.com/* and forward it to https://example.com/$1

#3

I have implemented the changes you had advise and am getting the same results.

For “no www”, I am getting 2 redirects.

  • (h)ttp://abc.com -> (h)ttp://www.abc.com - > (h)ttps://abc.com

HSTS is showing that it is currently preloaded. I am not sure what else could be the problem.
“Always Use HTTPS” is off and page rules are in place.

Any ideas?

Thank you very much for response. I really appreciate your time.


#4

Something is wrong with the Page Rule match that should be catching http://example.com/*

Can you post a screenshot of your Page Rules? It’s ok if you redact the core domain name, but try to show as much as you can.


#5

Thank you very much for helping out.
Here is a screenshot of the page rules. I have also updated the Max-Age to 12 months as recommended on the HSTSpreload page.

I am using Varvy Tool for the redirect mapper and it is showing 2 redirects still.


#6

I only see two possibilities:

  1. Your site isn’t actually going through Cloudflare. On the Varvy report, does the Security section show a Cloudflare SSL Certificate? It might also show up as Digicert.
  2. You have something on your server that’s doing some of its own redirects. Possibly .htaccess

I would also manually confirm the redirects. If you have command line access somewhere with cURL, try:
curl -svo /dev/null http://example.com
You should see a 301 Code, and a bit farther down the new Location for the forward.


#7

I just checked the report once more and for some reason, it isn’t showing that my page is secured with SSL. I am using Let’s Encrypt SSL provided by my web host, SiteGround.

I double checked and my SSL certificate is active and Cloudflare DNS is enabled.
www.example.com.cdn.cloudflare.net

I have also checked my .htaccess file and do not see anything that would cause an additional redirect.

HTTPS forced by SG-Optimizer

RewriteEngine On RewriteCond %{HTTPS} off RewriteRule ^(.*)$ https://%{SERVER_NAME}%{REQUEST_URI} [R=301,L] RewriteCond %{SERVER_PORT} !=443 # END HTTPSRewriteEngine On

I have Force HTTPS enabled via SiteGround’s Caching Plugin.