Redirect (Always Use HTTPS)

luc6 · September 13, 2023, 8:32pm

Looks like the Canadian proxy fail to redirect HTTP to HTTPS when Always Use HTTPS is checked.
This is working via VPN to USA but not working in canada

Here is the response header

curl -I http (slas-slash) libre-choix.ca

HTTP/1.1 503 Service Unavailable
Server: squid/3.4.8
Mime-Version: 1.0
Date: Wed, 13 Sep 2023 20:29:38 GMT
Content-Type: text/html
Content-Length: 196
X-Squid-Error: ERR_CONNECT_FAIL 110
X-Cache: MISS from vl-mr-rx004
X-Cache-Lookup: MISS from vl-mr-rx004:3129
Via: 1.1 vl-mr-rx004 (squid/3.4.8)
Connection: keep-alive

i40west · September 13, 2023, 9:16pm

That’s not a Cloudflare response. Do you have something like an /etc/hosts that is making you connect directly to the origin IP address?

luc6 · September 13, 2023, 9:22pm

No entry in hosts file, the proxy (orange cloud) is enable and the origin server will repond by Nginx as server name in the response header, I know nothing about squid server name. And the proxy always override with Server: Cloudflare

From USA it’s working, not from Canada, so this is clearly a geo located proxy fault.
Thanks for your help!

i40west · September 13, 2023, 11:20pm

If you know nothing about a Squid proxy, is it possible your client connection is being forced into a transparent proxy?

The point is, the response you posted didn’t come from Cloudflare at all. You’re not connecting to the Cloudflare proxy if that’s the response header.

cscharff · September 13, 2023, 11:27pm

No it isn’t. A squid proxy is something run on a local network. This is a problem with the local network the testing is being performed from, it has nothing to do with Cloudflare.

luc6 · September 13, 2023, 11:49pm

This is weird, from the same connection, I uncheck the Always Use HTTPS, domain still proxied (orange cloud) and the request go thorough and my origin server is making the redirection from http to https
So there must be something on the way of the request that is not related to my own network.

cscharff · September 13, 2023, 11:53pm

It’s probably a squid configuration issue (not that I’ve run one in 15ish years)…

But you’d need to determine who is managing that for your network.

luc6 · September 14, 2023, 3:00am

Well, I think a Cloudflare internal should look at this.
I traced where the response header server come from, and it’s from this Cloudflare IP: 172.64.80.1

This can only be reproduce from some place in Canada, I tried with VPN all over and not this response, well the redirect location response as expected

While using curl -I http:(//) lire-choix.ca to see the following response header
HTTP/1.1 503 Service Unavailable
Server: squid/3.4.8
Mime-Version: 1.0
Date: Wed, 13 Sep 2023 20:29:38 GMT
Content-Type: text/html
Content-Length: 196
X-Squid-Error: ERR_CONNECT_FAIL 110
X-Cache: MISS from vl-mr-rx004
X-Cache-Lookup: MISS from vl-mr-rx004:3129
Via: 1.1 vl-mr-rx004 (squid/3.4.8)
Connection: keep-alive

cscharff · September 15, 2023, 12:50am

Here’s a request from Canada to a Cloudflare datacenter in Canada which doesn’t encounter this error. The first request on HTTP is redirected to HTTPS with no mention of a Squid proxy in the headers.

Cloudflare doesn’t run a Squid proxy, there are no Cloudflare headers in the response and vl-mr-rx004 doesn’t correspond to any naming scheme that I’m familiar with for Cloudflare metals. Have you asked your network administrator?

luc6 · September 15, 2023, 1:05am

You are right, this is my service provider Videotron who don’t know what they are doing with their config
Cheers, we may close this topic

epic.network · September 15, 2023, 5:08am