Professional Documents
Culture Documents
NOV
A couple of weeks ago, CloudFlare launched Universal SSL, making SSL encryption
available to everyone. 2 million sites have already signed up for the service.
It’s very easy to setup a Flexible SSL. It only takes only 48hours to be active.
But if you force http to https redirection on your website with the following normal
methods, a loop redirection occurs.
SSL between the visitor and CloudFlare — visitor sees HTTPS on your site, but no SSL
between CloudFlare and your web server. You don’t need to have an SSL cert on your
web server, but your visitors will still see the site as being HTTPS enabled.
There is an encrypted connection between your site visitors and CloudFlare, but not
from CloudFlare to your server.
The HTTPS condition from the htaccess or PHP will always return as o , as server is still
using the http protocol.
Hopefully, there are some alternative methods to force the https redirects :-)
HERE’S THE SOLUTION (FOR APACHE ONLY) FROM THE CLOUDFLARE’S BLOG.
To redirect a user from HTTP to HTTPS, you can use the following:
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"' RewriteRule ^(.*)$
https://www.domain.com/$1 [L]
Similarly, to require all tra c go over HTTPS on CloudFlare, you can use the
following:
OR
You can also use the Cloud are Pagerules to force the https protocol.
For WordPress, there is a working plugin available called “Cloud are Flexible SSL”, I also
use “SSL Insecure Content Fixer” to load “unsafe scripts” in the admin section.
← Previous Next →
COMMENTS ( 4 )
COMMENTS ( 4 )
Stephane
says:
8 November 2014 at 6 h 00 min
Very good article man, glad you’re ying back to Sydney!!
Reply
Bersh
says:
14 November 2014 at 7 h 44 min
I added this to my php code as well:
if(isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'){ $_SERVER['HTTPS']='on';
}
Reply
Bersh
says:
14 November 2014 at 7 h 50 min
By the way Thomas, take a look at this : https://support.cloud are.com/hc/en-
us/articles/200170536-How-do-I-redirect-HTTPS-tra c-with-Flexible-SSL-and-
Apache- :)
Reply
Gomah
says:
4 February 2015 at 12 h 11 min
True, but I don’t use headers on my apache con guration when I need to use
apache!
Reply
LEAVE A COMMENT
Your email address will not be published. Required elds are marked *
Name *
Email *
Website
POST COMMENT
Search..
CATEGORIES
Development (2)
Web (1)
📞
+61 432 604 033
✉
web@gomah.fr
23 Darlinghurst Rd, Potts Point NSW 2011