Enable HSTS and make sure everything is HTTPS
Solved
Configure
-
Hi sir, as you know i am facing redirect issues for a couple of months i want to pick this topic again here sudonix.
can i just enable HSTS right away from CF panel?
after enabling HSTS i want to disable the page rules which I’ve writer earlier for HTTP to HTTPS redirection
i am trying to do by follow this video (enabling all cf settings, max header age is 6months)
@hari HSTS will have no bearing on redirects, but it of course will require https to work correctly. You can go ahead and enable that.
-
@hari HSTS will have no bearing on redirects, but it of course will require https to work correctly. You can go ahead and enable that.
@phenomlab my website is not loading
please helpis there any way to at least disable it temporarily?
-
@phenomlab my website is not loading
please helpis there any way to at least disable it temporarily?
@hari looks like i need to download the certificate from Cloudflare and apply it to my root?
-
@phenomlab my website is not loading
please helpis there any way to at least disable it temporarily?
@hari You can disable it at the CF level. That should be enough ?
-
@phenomlab i’m bit confused site did not work for 5min due to no proper certificate.
to prevent it from happening shall i apply CF SSL certificate to my server?
ok, if something happens i will try disabling SSL at CF level
now reading this https://support.cloudways.com/en/articles/5130554-how-to-configure-cloudflare-origin-certificate
-
This post is deleted!
-
@phenomlab i’m bit confused site did not work for 5min due to no proper certificate.
to prevent it from happening shall i apply CF SSL certificate to my server?
ok, if something happens i will try disabling SSL at CF level
now reading this https://support.cloudways.com/en/articles/5130554-how-to-configure-cloudflare-origin-certificate
@hari i’m configuring the origin server certificate hope that will not cause conflicts?
ok, we will look it tomorrow. good night
-
@hari i’m configuring the origin server certificate hope that will not cause conflicts?
ok, we will look it tomorrow. good night
@hari enabling HSTS should not be this complex. I’m not sure I understand the need for the origin certificate from CF as this should still work even with a trusted and verified cert on the destination and the communication mode for SSL set to strict.
You can actually enable HSTS and SSL stapling at server level rather than CF.
-
@hari enabling HSTS should not be this complex. I’m not sure I understand the need for the origin certificate from CF as this should still work even with a trusted and verified cert on the destination and the communication mode for SSL set to strict.
You can actually enable HSTS and SSL stapling at server level rather than CF.
@phenomlab Right now i am not facing any issues and everything is working perfectly
i want to summarise all my settings
CF settings
SSL is set to full strict
HSTS is enabled
Automatic HTTPS Rewrites CF setting is ONdisabled page rules for https redirect (earlier i used to use)
Server-side let’s encrypt is enabled
HTTP to HTTPS prediction is off
i want to keep the settings like this since everything is working at the DNS level.
if you suggest using HSTS and SSL from the server-side i will switch to it.
the only problem with flarum www redirection
shall i define something at subdirectory ht. access for this? or something needs to be done at domain ht access?
-
@phenomlab Right now i am not facing any issues and everything is working perfectly
i want to summarise all my settings
CF settings
SSL is set to full strict
HSTS is enabled
Automatic HTTPS Rewrites CF setting is ONdisabled page rules for https redirect (earlier i used to use)
Server-side let’s encrypt is enabled
HTTP to HTTPS prediction is off
i want to keep the settings like this since everything is working at the DNS level.
if you suggest using HSTS and SSL from the server-side i will switch to it.
the only problem with flarum www redirection
shall i define something at subdirectory ht. access for this? or something needs to be done at domain ht access?
@hari said in Enable HSTS and make sure everything is HTTPS:
shall i define something at subdirectory ht. access for this? or something needs to be done at domain ht access?
This makes the most sense to me as the redirect can be handled at the subdirectory level. HSTS should also work at the CF level without issue. What error do you get if you enable it ?
-
@hari said in Enable HSTS and make sure everything is HTTPS:
shall i define something at subdirectory ht. access for this? or something needs to be done at domain ht access?
This makes the most sense to me as the redirect can be handled at the subdirectory level. HSTS should also work at the CF level without issue. What error do you get if you enable it ?
@phenomlab No error, it just stuck without www. It should supposed to get redirected to www.domain/ask
This only happening with flarum all other wordpress subdirectories are getting redirected without any issue.
-
@phenomlab No error, it just stuck without www. It should supposed to get redirected to www.domain/ask
This only happening with flarum all other wordpress subdirectories are getting redirected without any issue.
@hari Does it work if you set a redirect using rules at CF ?
-
@phenomlab Yes, if I set a page rule it used to work.
Now shall I set a page rule for www at cloud flare (I don’t want to do it)
I am guessing a www. Redirection at ask folder ht acess would resolve the issue.
-
@phenomlab Yes, if I set a page rule it used to work.
Now shall I set a page rule for www at cloud flare (I don’t want to do it)
I am guessing a www. Redirection at ask folder ht acess would resolve the issue.
@hari said in Enable HSTS and make sure everything is HTTPS:
I am guessing a www. Redirection at ask folder ht acess would resolve the issue.
It should, yes. Did you create one previously, and it was ignored ?
-
@hari said in Enable HSTS and make sure everything is HTTPS:
I am guessing a www. Redirection at ask folder ht acess would resolve the issue.
It should, yes. Did you create one previously, and it was ignored ?
@phenomlab No, erlier I used to manage it using CF page rule (all in one rule https and www.) . Now as we switch to HSTS and there is a setting at CF as make sure every page is https it is taking care of http to https redirection so turned of page rules.
Could you suggest me the ht access rule for ask folder only
I have posted my ask folder ht access in my first post of this discussion
-
@phenomlab No, erlier I used to manage it using CF page rule (all in one rule https and www.) . Now as we switch to HSTS and there is a setting at CF as make sure every page is https it is taking care of http to https redirection so turned of page rules.
Could you suggest me the ht access rule for ask folder only
I have posted my ask folder ht access in my first post of this discussion
@hari So to confirm, you want all requests to this URL to be converted to https://www.domain.com ?
Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…
-
@hari So to confirm, you want all requests to this URL to be converted to https://www.domain.com ?
@phenomlab all WordPress installations for domain or subdirectory is properly getting redirected to www. so i don’t want to add any rules in main ht access
i want all requests to “ask” folder to be converted to www. https://www.domain.com/ask
only flarum is not doing www. redirection
if writing a global rule is the right approach i will try that
-
@phenomlab all WordPress installations for domain or subdirectory is properly getting redirected to www. so i don’t want to add any rules in main ht access
i want all requests to “ask” folder to be converted to www. https://www.domain.com/ask
only flarum is not doing www. redirection
if writing a global rule is the right approach i will try that
@hari You should leverage the
.htaccessinside the Flarum root directory and not touch anything else. If you set the forward here, it should work as planned.Let me know if you need any help.
Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…
-
@hari You should leverage the
.htaccessinside the Flarum root directory and not touch anything else. If you set the forward here, it should work as planned.Let me know if you need any help.
@phenomlab yes i want you to suggest/modify this for me
RewriteCond %{HTTP_HOST} ^yourdomain.com/ask [NC] RewriteRule ^(.*)$ http://www.yourdomain.com/ask/$1 [L,R=301] if i use this line in the subdirectory (flarum) it will redirect to to http?
could you suggest me a line which only modify non www to www and doent touch the https or http thing since DNS is taking care of it.
-
@phenomlab yes i want you to suggest/modify this for me
RewriteCond %{HTTP_HOST} ^yourdomain.com/ask [NC] RewriteRule ^(.*)$ http://www.yourdomain.com/ask/$1 [L,R=301]if i use this line in the subdirectory (flarum) it will redirect to to http?
could you suggest me a line which only modify non www to www and doent touch the https or http thing since DNS is taking care of it.
@hari said in Enable HSTS and make sure everything is HTTPS:
RewriteRule ^(.*)$ http://www.yourdomain.com/ask/$1 [L,R=301]
Before we do that, shouldn’t
RewriteRule ^(.*)$ http://www.yourdomain.com/ask/$1 [L,R=301]Actually be
RewriteRule ^(.*)$ https://www.yourdomain.com/ask/$1 [L,R=301]?
Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…
Did this solution help you?
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (ether email, or push notification). You'll also be able to save bookmarks, use reactions, and upvote to show your appreciation to other community members.
With your input, this post could be even better 💗
RegisterLog in
