Redirects and 400 error when proxying
I'm experiencing a redirect loop and 400 error when proxying my connection through Cloudflare. Out of CF the connection is normal. Someone has any suggestion on the origin of this problem?
15 Replies
what's the domain?
The problem isnt occurring for the entire domain, but just for an specif login app in one path of the host. I've noticed some differences in the headers of thee requests and the also additional cf cookies on the proxyed connection.
and also differences in http version
the working occnnection uses /1 and the proxyed /3. Any of these could be an origin to the redirect problem?
Are you using the Full (Strict) SSL mode on Cloudflare? Was it working before?
Yes, it is in Full(Strict)
This was the first attempt of proxy it
Is there any way I can reproduce the error?
i have traffic ispection data from both ways, is there a way of sharing of securely?
Could you just share a link to the site with me or would I need valid login data to experience the redirect loop?
it would require a login which i have no way of giving you one
Completely understandable. Though if the login is successful, it does sound like the error is coming from your Origin. Do you see the redirects in your server logs?
I am inclined to think that the proxy may edit or exclude cookies needed to my connection
it iterates by the login, but when going back to the system it enters the loop
Are all your other settings on Cloudflare standard or did you maybe create cache rules or anything that might cause this?
I've tried a cache bypass to test the impact and got the same. I have no other cache rules
ok, talked to the older staff here and the system has been porxyed last year
without problems
Is there any new update on CF that could have impact in such a thing?
Can you try debug logs on your Origin and check if anything is wrong with the request coming from Cloudflare? Like missing headers?
Yes, actually I think miy session cookie is not being transmited
What's the format of your session cookie? Especially the name?
Also, can you check if you have a managed transform rule enabled? I don't remember whether it's on by default or not.
Add security headers
Adds several security-related HTTP response headers providing cross-site scripting (XSS) protection.