Rules for https

Hello,
we’ve trying to create a rule for this case.
Our domain www.domain.com has to be with SSL strict, but our subdomain mail.domain.com has to be without redirect on https.
We have set this rule:
(http.request.full_uri contains mail.domain)
and then set the options:
Automatic HTTPS Rewrites
SSL
both on Off, but if i digit mail.domain.com the domani not resolve. It seems going from https to http and so on in loop.
Could you help me to solve please?
Many thanks in advance.
Guido

You want mail.example.com to be http, not https?
(Is mail.example.com a web application, and you don’t use it for email?)
Do you have “always use HTTPS” enabled (it different from HTTPS rewrites which changes HTTP links in pages to HTTPS).

Can you give the domain name, it’s easier just to check it.

2 Likes

Hi and thanks for your fast and kind reply.

About your reply, yes our provider says us that mail.napoliweb.net (this is the domain) has to be on http and not on https. It is horde web mail. While www.napoliweb.net works on https

I don’t understand which modify I have to do to solve this.

1 Like

http://mail.napoliweb.net is redirecting to HTTPS.

curl -I http://mail.napoliweb.net
HTTP/1.1 301 Moved Permanently
Date: Thu, 14 Dec 2023 10:16:47 GMT
Connection: keep-alive
Cache-Control: max-age=3600
Expires: Thu, 14 Dec 2023 11:16:47 GMT
Location: https://mail.napoliweb.net/
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A4p3kQ64GwWOJS2FM1ZHOsXd%2F0v30bSQktTWfYjvFcFv3%2F4qu6Uh21nacmDINNrMZrCN6XJxL72NFH5nKUUlxuyALRAe6nPA3UamrdpJxJzGXC7cUr%2Fa%2B%2BonLXM5q25THiUbZr8%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8355b17dffdc71e4-LHR

Check if “Always use HTTPS” is enabled here…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates

Disabling it will disable it for your whole zone (it can’t be done in configuration rules) so you will likely need to set rules to redirect napoliweb.net and www.napoliweb.net to HTTPS here:
https://dash.cloudflare.com/?to=/:account/:zone/rules/redirect-rules

Also ensure you are set to “Full (Strict)” here…
https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls

[add] Having to access a webmail page with just http seems a very bad idea. Any login credentials and the traffic won’t be encrypted. I would double check that is actually the requirement, and if it is, find an alternate webmail solution that can properly protect your data.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.