Cloudflare Developers•2w ago

Cloudflare Zero trust not working over Arduino Ethernet HTTP reqeust

I'm currently working with an Arduino Nano to send HTTP requests to a Cloudflare Zero Trust endpoint. Despite disabling the “Always HTTPS on” setting in Cloudflare, I am still encountering an issue. The Arduino successfully receives the initial HTTP response headers, as shown below, but does not retrieve the expected JSON payload following the headers.

HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 14:41:56 GMT
Content-Type: application/json
Content-Length: 42
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LtANSCgWlMAvK%2FdA1%2ByDYTcfcWkyd4YeHaTok31eD2ZORG3Ll55oVdNndu7X3qP247FqBmVkSatoA5dhMyUBHobIWVqWkSGP5l1nrh6O5gevVOg3YdHm0JdjjkxvMa4ThGg5JnpHBg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e17492988aa7

HTTP/1.1 200 OK
Date: Tue, 12 Nov 2024 14:41:56 GMT
Content-Type: application/json
Content-Length: 42
Connection: close
cf-cache-status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LtANSCgWlMAvK%2FdA1%2ByDYTcfcWkyd4YeHaTok31eD2ZORG3Ll55oVdNndu7X3qP247FqBmVkSatoA5dhMyUBHobIWVqWkSGP5l1nrh6O5gevVOg3YdHm0JdjjkxvMa4ThGg5JnpHBg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8e17492988aa7

Could you advise on any further adjustments that might be necessary within the Cloudflare Zero Trust configuration to ensure the Arduino receives the full JSON response? Thank you.

11 Replies

Chaika•2w ago

You'd probably need to debug that more on the Arduino, that looks like a perfectly sane response, getting a 200 so getting through access, getting a json response with a length of 42, it's http/1.1 which makes sense for http, doesn't else stands out there as a Cloudflare issue/config problem, I assume you can see the body fine via curl on a normal device?

IntrovertIRL (アビル)OP•2w ago

yeah i can see the body fine with curl also i used http://httpbin.org/get to confirm that its not problem with the arduino cuz responed with a body

HTTP/1.1 200 OK
Date: Wed, 13 Nov 2024 02:58:26 GMT
Content-Type: application/json
Content-Length: 200
Connection: close
Server: gunicorn/19.9.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

{
  "args": {}, 
  "headers": {
    "Host": "httpbin.org", 
    "X-Amzn-Trace-Id": "Root=1-673415d2-02d5a0b16561d4825252ddd4"
  }, 
  "origin": "X.X.X.X", 
  "url": "http://httpbin.org/get"
}

HTTP/1.1 200 OK
Date: Wed, 13 Nov 2024 02:58:26 GMT
Content-Type: application/json
Content-Length: 200
Connection: close
Server: gunicorn/19.9.0
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: true

{
  "args": {}, 
  "headers": {
    "Host": "httpbin.org", 
    "X-Amzn-Trace-Id": "Root=1-673415d2-02d5a0b16561d4825252ddd4"
  }, 
  "origin": "X.X.X.X", 
  "url": "http://httpbin.org/get"
}

Chaika•2w ago

42 content length response seems pretty small, supposed to be that small/is that small in curl?

IntrovertIRL (アビル)OP•2w ago

It turns out the issue was on my end I hadn't adjusted the buffer size, which is why part of the message wasn’t showing. Thanks for your patience! btw is there anyway to config zero trust to force HTTPS on certain routes?

Chaika•2w ago

It's not a zero trust thing but yea you can use a Rules -> Redirect Rule for that, something like:

Chaika•2w ago

can change matching expression as needed, could use wildcard too like the http template does, depends what you need. The Dynamic Expression there is concat("https://", http.host, http.request.uri.path) with preserve query string checked

IntrovertIRL (アビル)OP•2w ago

i want to redirect all path to https unless its */api/*

IntrovertIRL (アビル)OP•2w ago

'(http.host eq "edumeserver.xyz" and http.request.full_uri matches "edumeserver.xyz/" and not http.request.full_uri matches "edumeserver.xyz/api/" and ssl)' is not a valid value for expression because the expression is invalid: Filter parsing error (1:68): (http.host eq "edumeserver.xyz" and http.request.full_uri matches "edumeserver.xyz/" and not http.request.full_uri matches "edumeserver.xyz/api/" and ssl) ^^^^^^^^^^^^^^^^^^ regex parse error: edumeserver.xyz/ ^ error: repetition operator missing expression

IntrovertIRL (アビル)OP•2w ago

(http.host wildcard "*.edumeserver.xyz" and not http.request.uri.path contains "/api" and not ssl)

(http.host wildcard "*.edumeserver.xyz" and not http.request.uri.path contains "/api" and not ssl)

still not working it started working after a while thanks for helping me out!!!

Gaming

Programming

Cloudflare Zero trust not working over Arduino Ethernet HTTP reqeust