I have numerous websites running through Cloudflare and I use Flexible SSL setting with them all and “Always Use HTTPS” is turned ON.
My expectation is therefore that all requests to my server would be HTTP not HTTPS. However, I am seeing quite a few HTTPS requests hitting my server (which I am unable to serve hence the requests return an error).
Can someone explain how these requests are getting through?
In case all records for your webisite are set to it could be direct IP access or access to a hostname from your provider. Something like vhost12345.provider.com
I’m seeing occasional direct connections to my server IP, but mostly it’s connections to one of the domains I host and they are coming through Cloudflare, eg:
I use Apache and only have one site configured for SSL on my server, hence all these requests end up there and my application throws a wobbly because the incoming domain doesn’t match what it’s expecting.
Just wondering if there are any thoughts? As (I think) @sandro said, everything coming through Cloudflare should be HTTP not HTTPS, given I have enabled Flexible SSL.