Cloudflare #general-discussions

Join Discord

Erisa | Support Engineer

04/05/2023, 11:32 PM

Yes, the more specific app wins over the wildcard and will bypass what you tell it to

Erisa | Support Engineer

04/05/2023, 11:33 PM

You can do *.example.com -> allow only you public.example.com -> bypass for everyone and it works how you would expect

Luix2

04/05/2023, 11:33 PM

Got you

Luix2

04/05/2023, 11:33 PM

Thank you 🙂

Ryder Cragie

04/05/2023, 11:49 PM

Am I missing something here or is this bulk redirect just not working properly?

screen-recording-2023-04-06-at-00-48-52

Ryder Cragie

04/05/2023, 11:50 PM

It's proxied. Subpath matching is on. Tried a redirect rule too.

marais

04/05/2023, 11:53 PM

@James what would it look like with Cache Reserve? Even though technically the objects live not on R2, could you cache anything as long as cache reserve is a thingy?

James

04/05/2023, 11:55 PM

I can’t imagine it’d be an issue given that it’s a usage based product when it comes to pricing

Chaika

04/05/2023, 11:56 PM

It's because you are never actually requesting the 404 path, you'll notice if you go to it directly , you do get redirected. It's just using javascript to rewrite the url without a redirect, client-side javascript navigation

Ryder Cragie

04/05/2023, 11:57 PM

Oh right.

Ryder Cragie

04/05/2023, 11:57 PM

I'll contact my forum provider.

Ryder Cragie

04/05/2023, 11:57 PM

Thanks.

Cyb3r-Jok3

04/06/2023, 12:35 AM

How new is your custom domain? Some times it takes a bit for a certificate to be issued for it

Cyb3r-Jok3

04/06/2023, 12:35 AM

You always want

Full Strict

for SSL

Ryder Cragie

04/06/2023, 12:36 AM

Unless...

Cyb3r-Jok3

04/06/2023, 12:38 AM

Hmm that should be enough time. What is the domain?

Cyb3r-Jok3

04/06/2023, 12:38 AM

Pages has it's own caching that is handled automatically so you don't need to clear it. You should also not being doing any caching in front of your pages project

Chaika

04/06/2023, 12:44 AM

(In case it's worth clarifying, you still do want and should use Full (Strict). Full is insecure, as you're trusting any certificate. If someone MITMs the connection and presents any self-signed certs, it would be accepted. So you'd have encryption to the bad guy. )

Ryder Cragie

04/06/2023, 12:53 AM

It was trusted by all browsers.

Ryder Cragie

04/06/2023, 12:53 AM

Full Strict ruined that.

gilla

04/06/2023, 12:54 AM

What’s a good way to start a full cloudflare stack project?

Ryder Cragie

04/06/2023, 12:54 AM

Don't care if it's not secure. I want my site to work.

Ryder Cragie

04/06/2023, 12:54 AM

Plus, it's got to be better than not using Cloudflare at all!

Cyb3r-Jok3

04/06/2023, 12:56 AM

Who was the cert issued from?

Ryder Cragie

04/06/2023, 12:58 AM

I'll unproxy forum.RyderCragie.com. One sec.

Ryder Cragie

04/06/2023, 12:59 AM

Done

Ryder Cragie

04/06/2023, 12:59 AM

Now you can see.

Chaika

04/06/2023, 12:59 AM

Strictly speaking, if something is wrong with the certificate and Cloudflare is rejecting it, then using Full or Flexible to get around it is basically lying to clients about the security of the connection

Chaika

04/06/2023, 1:00 AM

Chaika

04/06/2023, 1:00 AM

Do they tell you to use a CNAME or an A/AAAA Record? If it's a cname, CF will accept the cert if it contains the target when it is proxied