Cloudflare enforce SSL redirect HTTP to HTTPS

and published
Cloudflare redirect http to https

In this tutorial, we will cover the necessary steps to make Cloudflare enforce SSL on your site by redirecting all non-http traffic to HTTPS using a simple page rule. It does not cover issuing a Cloudflare SSL or installing a FREE Cloudflare SSL CERT it in cPanel, nor does it cover the enabling of SSL in WordPress.

Cloudflare Page Rule 301 Redirect from HTTP to HTTPS

  1. Login to Cloudflare
  2. Select your site using the dropdown menu found in the upper left corner
  3. Click the Page Rules icon at the top of the screen
  4. Click the Create Page Rule button
  5. Enter http://*example.com/* but obviously changing the domain with yours.
  6. Under “Then the settings are:” click + Add a Setting
  7. Click the dropdown list, find and click option “Always Use HTTPS”
  8. Finally click Save and Deploy

Cloudflare Page Rule HTTPS 301 non-www to www

If your site uses www then you might want Cloudflare to handle this aspect for you too, below is a simple page rule that will redirect all non-www traffic to www over HTTPS. This Page Rule assumes that you are using the earlier 301 Redirect from HTTP to HTTPS page rule.

  1. Login to Cloudflare
  2. Select your site using the dropdown menu found in the upper left corner
  3. Click the Page Rules icon at the top of the screen
  4. Click the Create Page Rule button
  5. Enter https://example.com* and obviously changing example domain with your own.
  6. Under “Then the settings are:” click + Add a Setting
  7. Click the dropdown list, find and click option “Forwarding URL”
  8. Change the “Select Status Code” to 301 — Permanent Redirect
  9. Add https://www.example.com/ in the box below, but obviously changing example domain once again with your own domain name
  10. Order, now ensure the order is set to LAST because the rule before is your SSL page rule and will not work correctly if executed first.
  11. Finally click Save and Deploy

Leave a Reply

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

9 Responses to “Cloudflare enforce SSL redirect HTTP to HTTPS”

  1. Hi
    Thank you for this great tip. but there is no “Always Use HTTPS” on cloudflare. can you check again and revert ?

    Thanks, Juste

    Reply
    • Its found within the page rules modal popup… below “Then the settings are:” click “Add a setting”.

      After clicking add a setting it should look something like this!

      cloudflare dropdown settings https always on

      As you can see it has a “always use HTTPS”.

      Reply
  2. Daniel Plácido

    Hello friend, do you know how I can force HTTPS with Cloudflare for a hosted WordPress? When I create the rule to force HTTPS from the problem to access wp-admin.

    Reply
    • Ensure that you update WordPress to work as HTTPS, this can be done by login into the WordPress Dashboard and going to Settings > General. Then update these URLS:

      WordPress Address URL Settings

      Reply
      • I was under the impression the if you change the URL in the WordPress general settings it breaks the site?

        Reply
        • Hi, it’ll log you out as you do it but I assume that your template and content follows good practices then no your website will not break. Normally issues occur when users manually edit template files and have specific code that uses absolute URLs with HTTP:// – Easiest way to check is to enable it and find out, if your unable to login to change it back, simply log in to phpmyadmin or similar and take a look in wp_options.

          Reply
  3. Jayesh Kikani

    Thank you very much for this tutorial.

    Reply
  4. I add Cloudflare SSL in my site but now I am worried about how to redirect HTTP backlinks to https. I have add this code in the .httacess, is this code good or should I remove it and use cloudflare page rules?

    
    RewriteCond %{HTTPS} on
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
    Reply
    • Hi Atif,

      I recommend that you use Cloudflare Page Rules because then your server-side requests reduce by 1 request, while its only 1 if receiving lots of visitors, it adds up and can help save resources on the server.

      I personally use

      http://bybe.net/* then 301 forward as https://www.bybe.net/$1
      https://bybe.net/* then 301 forward as https://www.bybe.net/$1
      http://www.bybe.net/* then 301 forward as https://www.bybe.net/$1

      Reply