CloudFlare Flexible SSL?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author webaware

    (@webaware)

    G’day ylluminate,

    If your web server can’t tell that you’re serving pages as SSL, then you can trick it. See this gist for an example of how to do that, and read about why in this blog post.

    cheers,
    Ross

    Thread Starter ylluminate

    (@gpsonet)

    Interesting, I’ll look at this here. Just a heads up, I used this already as well since I am on CloudFlare: https://www.macuha.com/2012/05/wordpress/how-to-setup-ssl-on-wordpress-admin-using-cloudflare-flexible-ssl/

    Plugin Author webaware

    (@webaware)

    Thanks, interesting. I plan to add some extra features to this plugin so that site admins can use settings to let WordPress know when to honour those custom HTTP headers like HTTP_X_FORWARDED_PROTO, and now also CloudFlare’s CF-Visitor.

    NB: CloudFlare Flexible SSL is really only half an SSL — it encrypts data between your site’s visitors and CloudFlare, but then sends all that sensitive data in clear text across the Internet to your web server. Great for giving visitors a happy feeling, but I wouldn’t trust it for securing credit card details.

    cheers,
    Ross

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘CloudFlare Flexible SSL?’ is closed to new replies.