Question regarding HTTPS vs HTTP and analytics


#1

Hi, we’re using Cloudflare Workers for a service that uses Cloudflare Workers to cache requests for autosuggest search (that it fetches from a search engine running on Google Cloud VMs). The cloudflare worker is only accessible through https://hostname.com (asking http://hostname.com gives 404), and the requests to the search engine running on Google Cloud VMs are also over SSL).

However, when we are looking at Cloudflare analytics for the domain it seems that Cloudflare traffic is 50-50 HTTP vs HTTPS, which doesn’t seem right? (Rough hypothesis: Cloudflare LB terminates SSL before HTTP to Cloudflare Worker/V8 and this counts both?)

10

Would be great to get an explanation of what is happening here.

Best regards,
Amund Tveit


#2

Hi @amund,

This looks like a bug in the analytics. It’s probably counting the incoming request separately from the subrequest your script makes using fetch(). Probably, the latter request is not counted as HTTPS because the request was actually generated locally using a worker, so wasn’t received through the usual HTTPS ingress point.

In short, the diagram is wrong – all your requests are in fact being served over HTTPS.

We are currently working on a number of improvements to our analytics related to Workers. I’ll make sure this is on the list.

Thanks!