We have a site running on CloudFlare Pro that uses their supplied certificate for one-click encryption. Our site has "optional" SSL for users. As it's a forum, we currently run a proxy script that detects if a posted image is not using a HTTPS protocol and automatically proxies the image through a script running on our server to maintain security and our lovely green lock!
My only issue now is that this introduces unnecessary load on our servers when users aren't using HTTPS so we would like to be able to detect if they are or are not. However, as the CloudFlare server is actually connecting to ours no matter what over HTTP (because we are using one-click SSL on CloudFlare) our PHP script always reports HTTP and never proxies the images even when the user is using HTTPS. Is there a way to get CloudFlare to report the user is using SSL?
Found my answer, they send a header X-FORWARDED-PROTO
. It's https
for SSL and http
for normal!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With