Skip to Content [alt-c]

Andrew Ayer


CloudFlare: SSL Added and Removed Here :-)

Comment by Reader Brian M.

Posted in reply to Comment by Andrew Ayer.

This comment is owned by whoever posted it. I am not responsible for it in any way.

It's not just mixed content, but application servers that will add explicit HTTP:// links in the response body, for example. Since the server thinks it's answering via HTTP (port 80), certain behaviors are present, and need to be re-written. Including HTTP response codes. I haven't seen anything in CloudFlare's writeups that indicates their CDN will rewrite response bodies or codes to account for these kinds of behaviors.

The Full SSL option will fix a lot of this behavior because the server then thinks it's answering via HTTPS (port 443), but that takes us back to the beginning of your problem statement: it's a non-trivial task for users/admins to take action to enable the encrypted back-end connection from application server to CloudFlare. Since most of the 2 million sites CF counts are small business or "prosumer" type of sites such as blogs, then I'd wager the percentage of effective, usable sites with Flexible SSL or Full SSL isn't very high, at all.

| Posted on 2014-12-01 at 23:28:34 UTC by Reader Brian M. | Parent | Reply to This

Post a Reply

Your comment will be public. If you would like to contact me privately, please email me. Please keep your comment on-topic, polite, and comprehensible. Use the "Preview" button to make sure your comment is properly formatted. Name and email address are optional. If you specify an email address it will be kept confidential.

Post Comment

(Optional; will be published)

(Optional; will not be published)

(Optional; will be published)

  • Blank lines separate paragraphs.
  • Lines starting with ">" are indented as block quotes.
  • Lines starting with two spaces are reproduced verbatim.
  • Text surrounded by *asterisks* is italicized.
  • Text surrounded by `back ticks` is monospaced.
  • URLs are turned into links.