With SSL/TLS set to Full (strict), still seeing requests as http on port 80 on origin

My understanding is that with “Full (strict)” set, I should be seeing HTTPS requests on port 443 on my origin server.

However, I am seeing them on port 80 still despite setting to “Full (strict)” some weeks ago.

This is causing a redirect loop on a Wordpress install on our website, which I can only work around by editing WP code (which gets blown away whenever somebody updates WP).

Help? Is my understanding about how “Full (strict)” works wrong? Or should I be looking for a configuration issue?

yes, I receive the same problem. I believe you have to force redirect to https using a page rule (What I did)

HTTP requests will still go to port 80. You will need switch on “Always-use-HTTPS” at https://dash.cloudflare.com/redirect?zone=ssl-tls/edge-certificates to redirect all requests to HTTPS, in which case they will all go to port 443.

:+1:t2: for using Full strict, the only secure option.

Thanks. To be clear, I am accessing the site via https. I already have “Always use HTTPS” set, and am using https:// in my requests. So my requests to CF are https for sure, but it seems that the CF -> origin is reverting to http somehow…

Setting a page rule doesn’t seem like it would have any effect, since I’d be setting it for http:// pages, but as I said I am already accessing the site via https.

You dont need a page rule for that.

If your mode is “Full strict” and you access it via HTTPS, the requests to the origin should be HTTPS exclusively. If they are not, either a setting is wrong or there is a Cloudflare issue.

Can you post your domain?

Ok, thanks so yeah that is my understanding as well.

If I had the certificate configured wrong, it just wouldn’t work, right? I’d get a 403 or something?

Domain is taxifarefinder.com. We have a lot of other domains too, which don’t have this problem.

Not necessarily, depends on what would be configured incorrectly.

Your site already redirects to HTTPS. I cant tell whether that is because of aforementioned setting or a redirect from your origin, but it does redirect.

Just to be absolutely sure, your current SSL mode for your taxi domain at https://dash.cloudflare.com/redirect?zone=ssl-tls is “Full strict”. Right?

Also, by “requests” you mean more that just requests for “/”, right?

Yes, and yes. Full Strict. And, it seems to affect all URLs. The Wordpress install is at /newsroom, and it’s certainly happening there.

Hmm, going to http://taxifarefinder.com/newsroom returns quite a few redirects (five if I counted correctly) but eventually it ends up on HTTPS.

I am afraid at this point I could only refer you to support, maybe they can shed some light on it. If you want I could have a look at your origin, but for that you’d need to share the IP address (if you are comfortable with that). That could be either with a temporary posting here or - in private - with a check against the IP address at sitemeer.com (just let me know at what time you ran it).

Though, checking the IP would only allow me to verify the certificate on your end. It would not necessarily explain why Full strict does not seem to work, respectively if the certificate wasnt valid we could narrow it down to some other issue.

Only ideas for now

  • Try to switch to “Off”, wait five minutes, and then switch to “Full strict” again. Maybe something got stuck
  • You are not using any other Cloudflare features, such as workers, are you?

One other idea.

The nameservers in your account are “newt” and “dana”, right?

If not, you might be making your changes in the wrong Cloudflare account (assuming the domain was ever added to more than one).

Yep, newt and dana. No, not using any workers. I just tried turning it off and back on, no dice.

I think I will see if I can file a ticket with support. Thanks for all of your help, I appreciate it.

In that case I am terribly sorry but I am out of ideas. Either I competely missed something obvious, or there still is some setting incorrect, or there is some glitch with your account. The way you described your account settings it should go for 443 when you send an HTTPS request.

At this point it really is support which needs needs to look at it :slight_smile:.
https://support.cloudflare.com/requests/new

Also, once you have a ticket number, make sure it does not get automatically closed by the auto reponse and post the ticket number here for @cloonan

1 Like

I figured out what the problem is, and it’s not Cloudflare. We started using Ezoic for ads recently, and they use their own proxy. In other words our Cloudflare DNS settings point to Ezoic’s servers, which are apparently using HTTP to pass the request to the origin. So, I am going to work with them to figure out why and how to fix that.

Thanks again @sandro for your time on this, I really do appreciate it.

2 Likes

This topic was automatically closed after 30 days. New replies are no longer allowed.