Cloudflare Config, Settings, and steps to get resolved
Taking on a website & domain config, working on non-proxy, but want to check over the full selection of Cloudflare's security, settings, and features. Is there a domain/settings audit to revert back to a working website resolution. Currently getting error too many redirects while proxy on. I have the rules for http->https, www->@. I would like to find check list of default common recommended settings for websites, and what is not needed or should be turn off / on / setup. Maybe a setup guided bot to ask questions, and decide and walk-though which features and setup is needed or recommended. Using REPLIT, and Workspace.
31 Replies
too many redirects usually happens because you have selected the Flexible SSL mode. Change that to Full (Strict)
Thought that worked, but still seeing that error, going to clear cache and try in a few minutes. I already have the redirect rules mentioned above enabled for both domains. Do you typically use the other settings in a different menu Always Use HTTPS or HSTS, on active for the domain & a forwarding domain? or have a recommend check list sheet for other areas to consider for a typical website.
I have proxy on, and purged cache, deleted temp&cache on local browser. Not working get same error. Double checked SSL is on Full(Strict) active.
Maybe a way to export my current setup config to look over for suggestions?
Can you share the redirect rules you created and the domain?
wildcard_replace(http.request.full_uri, "https://www.*", "https://${1}")
SSL/TLS encryption
Current encryption mode:Full (strict)
You redirect all incoming requests, so that explains the redirect loop.
I'd delete the rule and activate automatic https redirects
If you want to keep the rule, use a custom expression to only redirect http requests
ok, setting those changes now.
I just disabled the http->https , and kept the www->@ rule, that ok?
Always Use HTTPS is on &active ✅
Using Replit as host VPS for now.
DNSSEC, & Multisign is off, Authenticated Origin Pulls - off, just turned off any of the beta optimizations, Managed Transforms adjustments to HTTP request - all off/not activated.
Did a copilot search found this: Verify Redirect Rules
Check if you have conflicting redirects in Cloudflare Page Rules or your Replit server settings.
If Cloudflare is redirecting http → https and your origin is redirecting https → http, it creates an infinite loop.
So I'm going to try turning off HTTPS redirect on Cloudflare, or attempt to find it on Replit. set Authenticated Origin Pulls ? recommendations seems to be have it off for more Cloudflare security. so testing it as off. ok turned off the WWW rule, seemed to help Getting HTTP ERROR 526 on the www, but the @ is working now.
So I'm going to try turning off HTTPS redirect on Cloudflare, or attempt to find it on Replit. set Authenticated Origin Pulls ? recommendations seems to be have it off for more Cloudflare security. so testing it as off. ok turned off the WWW rule, seemed to help Getting HTTP ERROR 526 on the www, but the @ is working now.
Can you show your www to @ redirect rule?
Site works on @root, but not on WWW, when I turn on WWW->@, it breaks the @ version.
error 526 means that you don't have a certificate on your server.
*no valid certificate
That rule is also redirecting all incoming requetss
If you redirect all requests, none will ever make it to your server
ok, suggestion to Wildcard?
Redirect all requests only works if you redirect from one domain to another
test1.com -> test2.com for example
Delete the rule and create a new one. There is a template for www to @ redirect
ok, what to get it to forward all www to just show as missionmb.com @root
or other recommendations
Create a new rule and choose the www to root template
ok just deleted rules, and used template as wildcard was default , and activated it
Good thanks you!, 👏
Looks good now
next I'm looking to forward anything from missionmetalbuildings.com to this missionmb one. I'm going to look to compare the settings and set the longer domain to match when I have on the other one that is working.
Using this template tho
I get
oh btw this was recently transfered from GoDaddy
figure should be some of these not needed.
No rush on this one, really using the first domain. Take care of anybody else before spending time on it.
well think that one is good now https://missionmetalbuildings.com/
Mission Metal Buildings | Premium Metal Structures in Florida
High-quality metal barns, garages, and custom buildings throughout Florida. Built to withstand Florida weather.
Thanks so much, glad to have this support here. I was getting frustrated just not having any input and perspective, with a knowledgeable party to help point what I should work on. 🙇♂️
Everything is much better now and working fine. I'm going to spent time working on improving the knowledge in this area of domains, dns, and security features found in Cloudflare. Got the docs and videos that I'm going through next to harden my deployments. Going to try and remember to make one change at a time and test for a while before moving forward. Any recommend security features I should focus on first to implement?
It really depends on what you're trying to achieve. A lot of the useful stuff on Cloudflare is enabled by default. Are you looking for anything specific?
Just trying to give my customers the best security of what is offered at this level, I'm just researching more before any features/changes now. Looking at the HSTS, and other ones I can't remember atm. I have another client that went with porkbun, after I suggested Cloudflare, and now that I see the SaaS protection, I want to point that out after I do more studing on it to explain it better. There are a few features I'll paste back here once I log back into the dashboard and read up a bit more.