Skip to Content [alt-c]
In reply to Comment by Andrew Ayer
It's not just mixed content, but application servers that will add explicit HTTP:// links in the response body, for example. Since the server thinks it's answering via HTTP (port 80), certain behaviors are present, and need to be re-written. Including HTTP response codes. I haven't seen anything in CloudFlare's writeups that indicates their CDN will rewrite response bodies or codes to account for these kinds of behaviors.
The Full SSL option will fix a lot of this behavior because the server then thinks it's answering via HTTPS (port 443), but that takes us back to the beginning of your problem statement: it's a non-trivial task for users/admins to take action to enable the encrypted back-end connection from application server to CloudFlare. Since most of the 2 million sites CF counts are small business or "prosumer" type of sites such as blogs, then I'd wager the percentage of effective, usable sites with Flexible SSL or Full SSL isn't very high, at all.
Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.
Your Name: (Optional; will be published)
Your Email Address: (Optional; will not be published)
Your Website: (Optional; will be published)
>
monospaced
Post a Reply
Your comment will be public. To contact me privately, email me. Please keep your comment polite, on-topic, and comprehensible. Your comment may be held for moderation before being published.