Website can only be accessed via "https", not "http"


#1

My website can only be accessed via “https”, not “http”

This just randomly started today.

http://example.com //does NOT work
https://example.com //works fine

This is a CloudFlare related issue being that when I deactivate CloudFlare for my domain (“Pause Cloudflare on Site”) that fixes this. Only when CloudFlare is activated is this issue present.

The reason this is a big deal is because our website hosts an API used for authenticating users, the API can only work over port 80 (http), so being that when CloudFlare is enabled I cannot access my website over http none of our users can authenticate through our API.

Very strange.


#2

First of all, this is really bad practice. Port 80 is NOT encrypted so any information can be read, modified, and replayed by anyone listening to that traffic (Be it an ISP, coffee shop wifi, etc).

As for the issue, how is it “not working”? Is it a redirect? is it an error? Also, it would help if you could provide the domain.


#3

We encrypt the traffic. All data is encrypted when received and sent to api. But what happens is a connection timeout. When trying to access the website via http the page loads for a few seconds, then the CloudFlare error “Connection Timed Out” is served. And like I said previously, when I disable cloudflare for the domain “Pause Cloudflare on Site” this issue is not present. Could it be a cloudflare SSL bug or something along those lines?


#4

Still haven’t been able to come up with a fix.


#5

Not a bug, is a configuration setting. You have ssl set to Full (Strict) and an active cert on the origin server, you’re enforcing https.

Edit - You also have under attack mode enabled, which is the reason you’re seeing the interstitial page


#6

So being that I have an SSL certificate installed on my origin and on cloudfalre I have SSL on strict. Results in me being unable to access the website via http? When I try to access my website via “http://” the website loads for around 10 seconds, then timeouts. The website only works with “https”. I’ve also change cloudflares SSL to “Flexible”, And I am still unable to connect to the website via “http://”

If I disable cloudflare for the domain the website works on both http and https, but when cloudflare is active the website only works with https, NOT http


#7

How would it be configuration settings? What needs to be changed to resolve it? I didn’t change any settings on the origin or cloudflare before this started happening. Didn’t have any issues for around 6 months until this just randomly started yesterday. I’ve changed SSL to “full” (not strict) in cloudflare and the issue is still present.


#8

Can you turn off under attack mode?


#9

I’m under attack mode most certainly is not the issue. But I’ve gona ahead and disabled it. The issue is still present. The website cannot be accessed via http (if the website is attempted to be accessed via “http” the website loads for around 10 seconds, then I get a cloudflare connection timeout error). The website works fine over https, but not http. No settings were changed on my end before this randomly started happening yesterday.


#10

Additionally, if I disable cloudflare for the domain “Pause Cloudflare on Site”, both http and https work fine. But as soon as I re-enable cloudflare for the domain I can no longer access the website via http. I didn’t change any settings before this issue began.


#11

Thank you, got it. I looked at the audit log for yesterday and there were a lot of changes, digesting them now…


#12

Yes, there were a lot of changes ever since this started happening because I was trying to fix the issue. Until this started happening, no changes were made. But yes thanks for the help. Not sure at all what would be causing this random issue. Possibly some sort of bug?


#13

Hi @ReflexDev, doubt it’s a bug, but that’s may still be TBD. Can you open a ticket with the support team (to get in the queue with them early in case we need them). Still looking @page rules and audit log for clues…


#14

Thanks. Yeah it’s very strange, I have all cloudflare IP ranges whitelisted in my servers iptables. I’ve read somewhere online that this could be an issue with cloudflare’s page rules, and a few other things. Though none of my page rules would be causing this maybe it’s some sort of error? I’m not sure. Just super strange this started happening out of no where.


#15

I’ve also heard that deleting the cloudflare domain, then re-adding it to cloudflare can sometimes fix the issue, I was thinking about trying that later today If I’m unable to get this resolved.


#16

Removing and re-adding is certainly a good ctrl-alt-del approach, but fear you may ultimately work your way to same situation. You paused and re-enabled page rules yesterday so I’m assuming that did not change anything. An option short of removing the zone is removing the cert on your origin and set ssl to flexible.


#17

Thanks for the reply. I will try deleting the current SSL installed on my origin server and install a CloudFlare Origin Certificate. But, shouldn’t SSL not matter? Being that the issue is that I cannot access the website on HTTP (port 80) wouldn’t SSL not effect that? I can access the website fine on https:// (port 443). But I cannot connect to the website via port 80 (http://) it will just timeout?


#18

ugh, y, thank you. Just checked, your origin is not responding on port 80, I’d leave cert in place and reach out to host to have them investigate.

Edit - also means removing and re-adding site proly won’t help.


#19

Yeah, just now I deleted the SSL installed on my origin server, then I installed a cloudflare Origin Certificate. Everything is working fine over SSL (https port 443), but http (port 80) is still not working. I’m able to access the website just fine via https:// with the newly installed CloudFlare Origin Certificate but not http://

And yeah it probably won’t help deleting then re-adding the site to CloudFlare but I’ll give it a shot. I have all cloudflare IP ranges whitelisted in my servers iptables/firewalls so I don’t have much else to try.

Also, I’ve noticed there have been some logs from cloudflare trying to use port 8080, should I open the port 8080?


#20

yes on 8080, not sure it will have an effect, but it is one of the ports we support for http proxying. Did you check with your host on why traffic is not accepted on port 80?