Redirect to HTTPS

Hi
my site always redirect to all HTTP request to HTTPS in origin side… and i have not any HTTPS redirect issue, but I have some questions for this.

can I still need setup any HTTPS Page Rules in the Cloudflare side to work CDN as properly?

There are no particular HTTPS Rules, so you would need to specify which PageRules exactly you would implement.

Do you want some “HTTPS Rules” which are affecting the connection from:

  1. User to Cloudflare
  2. Cloudflare to your Origin Server?

If your Server does have a valid SSL Cert, you could simply change your SSL Mode to “Full (Strict)” and turn on “Always use HTTPS”, and everything would be automatically encrypted.

Please change the category of your Thread to “Security” as it is not performance related, thanks!

Thank you for your reply,
my Server have a valid SSL with provided Lets Encrypt and also installed on my site.

so I’ve change SSL Mode to “Full (Strict)” and turn on “Always use HTTPS.

but I have following redirect chain issue when turn on “Always use HTTPS.
http://example.comhttps://example.comhttps://www.example.com

after I turn off the “Always use HTTPS. and creating following page rule.

http://www.example.com/* then the settings are “Always use HTTPS. and work as well.

Please let me know for this page rule works properly for my needs.

What you are adressing is a problem that does exist for years: redirecting on the root domain to WWW and HTTPS takes 2 redirects instead of one.

I have wrote about this somewhen in the past: HSTS & PageRule Problem

Which wasn’t very popular :smiley: but the rootproblem is the same, weather you do it with “Always use HTTPS” or HSTS, the first redirect will solely be HTTP ==> HTTPS without the WWW included.

If you turn off “Always use HTTPS” this will affect ALL subdomains aswell, so you want to keep it on.

What I would recommend is this PageRule:

http://example.com/*

Forward “301” to: (first try “302” for testing!)

https://www.example.com/$1

Which should do the trick, but will interfere with HSTS, since HSTS will be bypassed, as it normally would redirect to https://example.com/ first… there ATM is no perfect solution to this scenario, specially if you think bigger than just having the main domain, but also subdomains.

I’ve tried to this rule and turn on “Always use HTTPS” but still get redirect issue,

http://example.comhttps://example.comhttps://www.example.com

when I enabled with HSTS has no redirects issue. it’s OK?

It’s maybe because the redirect in your rule is a 301 and therefore already is cached on your browser. Hard to tell if we don’t know your real domain.

hi
when turn off “Always use HTTPS” working on this page rule.

http://example.com/*

Forward “ 301

https://www.example.com/$1

I am sorry, I could not follow your statement.
What is working and what is not working?

You recommend rule for suggested to me

https://community.cloudflare.com/t/redirect-to-https/384238/4

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.