Mikkel Madsen

Reputation: 347

Cloudflare flexible SSL and redirects

I'm having some really annoying problems with my domain.

I have Cloudflare flexible SSL on my site, and it makes an https call, IF I type it myself >< When I try to force https to be used on my site via a .htaccess file I get an internal server error.

I would like all visitors to my site to always be redirected to https://www.example.com even if they type example.com or example.com/index.php etc. + using https on the whole site.

I just can't find the solution to this, so I'm trying stack.

My DNS settings on Cloudflare are an A record that points domain.com to an IP and a CNAME record that says www.domain.com is an alias of domain.com.

I have no page rules added on Cloudflare atm.

<IfModule mod_setenvif.c>
    <IfModule mod_headers.c>
        <FilesMatch "\.(cur|gif|ico|jpe?g|png|svgz?|webp)$">
            SetEnvIf Origin ":" IS_CORS
            Header set Access-Control-Allow-Origin "*" env=IS_CORS
        </FilesMatch>
    </IfModule>
</IfModule>

<IfModule mod_headers.c>
    <FilesMatch "\.(eot|otf|tt[cf]|woff)$">
        Header set Access-Control-Allow-Origin "*"
    </FilesMatch>
</IfModule>


Options -MultiViews


<IfModule mod_headers.c>
    Header set X-UA-Compatible "IE=edge"
    # `mod_headers` cannot match based on the content-type, however, this
    # header should be sent only for HTML pages and not for the other resources
    <FilesMatch "\.(appcache|atom|crx|css|cur|eot|f4[abpv]|flv|gif|htc|ico|jpe?g|js|json(ld)?|m4[av]|manifest|map|mp4|oex|og[agv]|opus|otf|pdf|png|rdf|rss|safariextz|svgz?|swf|tt[cf]|vcf|vtt|webapp|web[mp]|woff|xml|xpi)$">
        Header unset X-UA-Compatible
    </FilesMatch>
</IfModule>

<IfModule mod_mime.c>

  # Audio
    AddType audio/mp4                                   m4a f4a f4b
    AddType audio/ogg                                   oga ogg opus

  # Data interchange
    AddType application/json                            json map
    AddType application/ld+json                         jsonld

    AddType application/javascript                      js

  # Video
    AddType video/mp4                                   f4v f4p m4v mp4
    AddType video/ogg                                   ogv
    AddType video/webm                                  webm
    AddType video/x-flv                                 flv

  # Web fonts
    AddType application/font-woff                       woff
    AddType application/vnd.ms-fontobject               eot


    AddType application/x-font-ttf                      ttc ttf
    AddType font/opentype                               otf


    AddType     image/svg+xml                           svgz
    AddEncoding gzip                                    svgz

  # Other
    AddType application/octet-stream                    safariextz
    AddType application/x-chrome-extension              crx
    AddType application/x-opera-extension               oex
    AddType application/x-web-app-manifest+json         webapp
    AddType application/x-xpinstall                     xpi
    AddType application/xml                             atom rdf rss xml
    AddType image/webp                                  webp
    AddType image/x-icon                                cur
    AddType text/cache-manifest                         appcache manifest
    AddType text/vtt                                    vtt
    AddType text/x-component                            htc
    AddType text/x-vcard                                vcf

</IfModule>

AddDefaultCharset utf-8


<IfModule mod_mime.c>
    AddCharset utf-8 .atom .css .js .json .jsonld .rss .vtt .webapp .xml
</IfModule>


#<IfModule mod_rewrite.c>
#     Options +FollowSymlinks
   # Options +SymLinksIfOwnerMatch
#    RewriteEngine On
   # REDIRECT /folder/index.php to /folder/
#    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /([^/]+/)*index\.php\ HTTP/
#    RewriteRule ^(([^/]+/)*)index\.php$ http://www.domain.dk/$1 [R=301,L]
#</IfModule>


#<IfModule mod_rewrite.c>
#    RewriteCond %{HTTPS} !=on
#    RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
#    RewriteRule ^ http://%1%{REQUEST_URI} [R=301,L]
#</IfModule>

#<IfModule mod_rewrite.c>
#    RewriteCond %{HTTPS} !=on
#    RewriteCond %{HTTP_HOST} !^www\. [NC]
#    RewriteCond %{SERVER_ADDR} !=127.0.0.1
#    RewriteCond %{SERVER_ADDR} !=::1
#    RewriteRule ^ http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
#</IfModule>


<IfModule mod_autoindex.c>
    Options -Indexes
</IfModule>

<IfModule mod_rewrite.c>
    RewriteCond %{SCRIPT_FILENAME} -d [OR]
    RewriteCond %{SCRIPT_FILENAME} -f
    RewriteRule "(^|/)\." - [F]
</IfModule>

<FilesMatch "(^#.*#|\.(bak|config|dist|fla|in[ci]|log|psd|sh|sql|sw[op])|~)$">

    # Apache < 2.3
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Deny from all
        Satisfy All
    </IfModule>

    # Apache ≥ 2.3
    <IfModule mod_authz_core.c>
        Require all denied
    </IfModule>

</FilesMatch>

<IfModule mod_headers.c>
     Header set X-Content-Type-Options "nosniff"
</IfModule>

#<IfModule mod_rewrite.c>
#    RewriteCond %{SERVER_PORT} !^443
#    RewriteRule ^ https://www.domain.dk%{REQUEST_URI} [R=301,L]
#</IfModule>



<IfModule mod_deflate.c>

    # Force compression for mangled headers.
    <IfModule mod_setenvif.c>
        <IfModule mod_headers.c>
            SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
            RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
        </IfModule>
    </IfModule>

    # Compress all output labeled with one of the following MIME-types
    # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
    #  and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines
    #  as `AddOutputFilterByType` is still in the core directives).
    <IfModule mod_filter.c>
        AddOutputFilterByType DEFLATE application/atom+xml \
                                      application/javascript \
                                      application/json \
                                      application/ld+json \
                                      application/rss+xml \
                                      application/vnd.ms-fontobject \
                                      application/x-font-ttf \
                                      application/x-web-app-manifest+json \
                                      application/xhtml+xml \
                                      application/xml \
                                      font/opentype \
                                      image/svg+xml \
                                      image/x-icon \
                                      text/css \
                                      text/html \
                                      text/plain \
                                      text/x-component \
                                      text/xml
    </IfModule>

</IfModule>


<IfModule mod_headers.c>
   Header set Cache-Control "no-transform"
</IfModule>

<IfModule mod_headers.c>
    Header unset ETag
</IfModule>

FileETag None

#<IfModule mod_expires.c>

#ExpiresActive On
#ExpiresByType image/jpg "access 1 year"
#ExpiresByType image/jpeg "access 1 year"
#ExpiresByType image/gif "access 1 year"
#ExpiresByType image/png "access 1 year"
#ExpiresByType text/css "access 1 month"
#ExpiresByType text/html "access 1 month"
#ExpiresByType application/pdf "access 1 month"
#ExpiresByType text/x-javascript "access 1 month"
#ExpiresByType application/x-shockwave-flash "access 1 month"
#ExpiresByType image/x-icon "access 1 year"
#ExpiresDefault "access 1 month"

#</IfModule>

Upvotes: 6

Views: 12938

Answers (5)

Liam Sorsby

Reputation: 2982

Try the following rewrite rule:

<IfModule mod_rewrite.c>
 RewriteCond %{HTTPS} off
 RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
 RewriteCond %{HTTP_HOST} !^www\.
 RewriteRule ^(.*)$ https://www.%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

Also please check that you have an SSL version of your virtual directory enabled in your httpd.conf/apache.conf file.

How are you managing the domain name? Through a control panel or through the command line? Which class of Cloudflare are you using? Do you have your own SSL certificate installed on the server?

Upvotes: 2

sakumatto

Reputation: 157

Here's what worked for me: @Victor Häggqvist's htaccess rules combined with @Mohd Abdul Mujib's page rules (with * also in beginning of rule, though).

RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://www.domain.com$1 [L]
------
http://*yourdomain.com/*

As per Cloudflare's manual, the protocol must be http in the above for it to work.

I added a pure HTML page to Cloudflare and got too many redirects, but the above helped. Now I will go and install WordPress on the site.

These are the links I gathered for my journey, in case they are helpful to someone else, too.

https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-HTTPS-traffic-with-Flexible-SSL-and-Apache-

https://blog.cloudflare.com/flexible-ssl-wordpress-fixing-mixed-content-errors/

https://support.cloudflare.com/hc/en-us/articles/201717894-Using-CloudFlare-and-WordPress-Five-Easy-First-Steps

https://support.cloudflare.com/hc/en-us/articles/203487280--How-do-I-fix-the-infinite-redirect-loop-error-after-enabling-Flexible-SSL-with-WordPress-

Upvotes: 1

Alex

Reputation: 11

The .htaccess didn't work for me either (neither did creating a rule with force https option). What worked is I created a rewrite rule on CloudFlare to rewrite from http://yourdomain.com/* to https://yourdomain.com/$1 and that fixed the issues (it took about half an hour to kick in though).

Upvotes: 1

Mohd Abdul Mujib

Reputation: 13948

As stated here On Cloudflare Official Support Site

CloudFlare Force Https

So I'll walk you through what I did, (as of 16-JUN-2016)

Since a picture speaks a thousand words, see below.

[Image: Easy Way to Force SSL Flexible on Cloudflare]

And you are done. It should start redirecting to https outright.

Upvotes: 9

Victor Häggqvist

Reputation: 4486

From CloudFlare's knowledge base.

RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://www.domain.com$1 [L]

See https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-HTTPS-traffic-with-Flexible-SSL-and-Apache-

Just did this myself, works like a charm.

Upvotes: 8
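
An added example, not taken from any answer above or from Cloudflare's documentation: one `.htaccess` block covering everything the question asks for (https, `www`, and dropping `index.php`) behind Flexible SSL. It assumes the file sits in the document root, `mod_rewrite` is enabled, and `www.example.com` (the question's placeholder) is the canonical host.

```apache
<IfModule mod_rewrite.c>
    RewriteEngine On

    # With Flexible SSL, Cloudflare terminates TLS and talks to the origin
    # over plain HTTP. At the origin %{HTTPS} is therefore always "off" and
    # %{SERVER_PORT} is always 80, so a rule keyed on either one redirects
    # every request, including those that already arrived over https, and
    # the browser reports a redirect loop.
    #
    # Cloudflare passes the visitor's scheme in the CF-Visitor request
    # header: {"scheme":"http"} or {"scheme":"https"}. The closing quote in
    # the pattern below keeps it from matching "https".

    # 1. /index.php and /dir/index.php -> canonical directory URL.
    #    THE_REQUEST is checked so the internal DirectoryIndex lookup of
    #    index.php does not trigger the redirect again.
    RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\s/([^/]+/)*index\.php[?\s]
    RewriteRule ^(([^/]+/)*)index\.php$ https://www.example.com/$1 [R=301,L]

    # 2. Visitor used http:// -> https://www.example.com/...
    #    %{REQUEST_URI} always begins with "/", so the target is well formed
    #    in per-directory (.htaccess) context.
    RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]

    # 3. Visitor used https:// but the bare host -> add www.
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule ^ https://www.example.com%{REQUEST_URI} [R=301,L]
</IfModule>

# CF-Visitor is an ordinary request header: a client that reaches the
# origin without going through Cloudflare can set it to any value, and a
# request without the header is not redirected by rule 2. Allow inbound
# HTTP to the origin only from Cloudflare's published address ranges.
# Flexible SSL also leaves the Cloudflare-to-origin hop unencrypted, so the
# redirect protects only the visitor-to-Cloudflare leg.
```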
