Detectify
Knowledge Base

Back to Knowledge Base

Support Center

Implementing HTTPS (Cloudflare)

Last Updated: Nov 28, 2016 03:21PM CET

Before following this guide, please read through our general guide to implementing HTTPS as it covers the basics and some important tips. 

If you use Cloudflare as a provider, you can set up HTTPS using their Free Universal Cert. This allows the end user to enjoy an HTTPS connection without requiring any server side configuration. The image below shows the downside of this setup; traffic is only encrypted between the visitor and Cloudflare, but not between the origin server and Cloudflare. However, this is considered an accepted risk for now due to the simplicity of using this solution.

If there are sufficient time and resources to more properly configure Cloudflare they have guides available to configure what they call Full SSL, where the traffic is encrypted all through.



Cloudflare
 

Configuration

 

To configure this, start by logging in to the dashboard. Choose the domain and navigate to the overview. Select the tab Crypto and switch to Flexible under SSL.


Cloudflare cryptography settings
 


Force HTTPS

 

Cloudflare offers a built-in feature to support Force HTTPS. When configuring page rules, there is a function called Enforce HTTPS for this URL.

To activate Force HTTP go to the upper blue menu again and select Page Rules this time, followed by Create Page Rule. Enter http://*example.com/* as pattern to catch every request made over HTTP and select Always use HTTPS as the setting.


 


 

HSTS

 

Now go back to the Crypto tab in the blue menu and look for the box called HTTP Strict Transport Security and enable it. By changing the settings, this can be configured in more detail to suit your needs.


 
support@detectify.com
https://cdn.desk.com/
false
desk
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete