When I changed my Nameservers to Cloudflare my website stopped working
I tried to switch to cloudflare twice and imported my DNS records but both times my website stopped working so had to switch back my nameservers
19 Replies
What's the domain
And have you switched back to cf nameservers?
No I needed it to work so I went back to my softlayer nameservers as I am hosted at IBM who bought Softlayer
I cant switch now I need it to work and I also have to go out , maybe can try tomorrow again but I am scared as twice now when I did switch to CF it didnt work ,
so will u be around tomorrow I coudl try again
yes
Do u think changing Flexible to Full on SSL could fix it ? seems strange as the error in the browser was too many redirects
yes
the reason flexible hits that is because flexible is http to origin not https
which means your origin triggers a http -> https redirect
which goes to the eyeball... which is already using https
and then infinite loops
full/ full (strict) use https to origin
Cloudflare Docs
ERR_TOO_MANY_REDIRECTS Ā· Cloudflare SSL/TLS docs
Learn how to troubleshoot ERR_TOO_MANY_REDIRECTS when using Cloudflare SSL/TLS.
you want ssl full strict
then onboard to cf and it should just work
cant do full strict cos you need enterprise for that canonly do full
the htaccess file on my server will redirect any http to https
so will just strict work cos I cant do full strict
I dont know if u still there but I just changed it now
seems to be working at the moment and nslookup doesnt get my IP so must be going thru CF
I think changing it to full helped thank you very much for your help
Now I have another issue I am struggling to get into my admin sectionof the website
I restrict access by IP at my office in IIS and somehow I think CF is messing with my domain and it prevents me getting in but I can get into other sites admin also restricted the same way
its trying to connect by hostname and it doesnt resolve to the correct IP
so now I cannot adminster my site and do work š¦ unless I remove the security
I have a rule that changes all non www to add the www so I cant even use the IP address except for FTP but when I try to get into the admin section thats we programmed into the site I have to remove the IP security block
it is obviously password restricted but with the IP restriction as well makes it more secure
the whole reasonm I went with CF was to block certain states and I have a rule to do that but it is still allowing people from those states
I dont know how to tell if the blocking rule I set is working would that fall under the mitigated category in security overview ?
full strict is available for everyone
only origin-pull is not
well you'll be getting a cf ip, you should read
cf-connecting-ip to get the user ip
you can also use cf waf to block - https://developers.cloudflare.com/waf/I tried Full Strict and it said for enterprise members only
I am using a custom rule to block certain states I dont know if it is working , where are u located
this is the rule I am using:
(ip.src.region_code in {"AL" "AR" "FL" "LA" "UT" "TX" "ID" "IN" "KS" "KY" "MS" "MT" "NE" "NC" "OK" "SC" "TN" "VA"})
And I set the action to Block
where do I read that
Cloudflare Docs
Cloudflare HTTP headers Ā· Cloudflare Fundamentals docs
Cloudflare passes all HTTP request headers to your origin web server and adds additional headers as specified below.
i'm in the uk
you'll see waf events here: https://dash.cloudflare.com/?to=/:account/:zone/security/analytics/events
will that custom rule I put in work ?
looks fine to me
My Google Realtime overview in analytics still shows traffic in those states but not sure if its blocking that traffic
I get a 404 on that link u sentme
I go to security events and dont see any blocks related to that custom rule I setup
š¦
oh you may be on old waf ui
no I just checked one has to enable the rule I just did that
now I can see its working
I looked at this and dont understand it at all
well, cf sits in between the eyeball and you
so the ip which connects to your server is us
to get the real user ip you use the
cf-connecting-ip header
it's just a header with the users ip
as you can see on https://reqinfo.walshy.dev/I have no idea what u are talking about to be honest if I put the IP address in the URL it changes it to www.ip so it doesnt work because my htaccess changes all non WWW to WWW.
I dont understand the stuff u sent me in that link or how it helps my issue
the only way I can access it is to run off the IP restriction in IIS for the admin folder unless I also remove the rule in the htaccess to make non WWW into WWW
what rule can I use to block a country ? do you know ?
never mindI found it