How does Cloudflare Flexible SSL work

According to the description of Cloudflare SSL service, the flexible mode means that we can get https connection between client and CDN while our server can still use http. enter image description here

I am confused that how can Cloudflare offer a valid certificate of our website to client?

Is that just like the man-in-the-middle attack? Cloudflare cooperates with a global CA, so that they can sign certificate for any website?

Requests logged in Cloudflare as “XSS, HTML Injection – Body”

Rule name: XSS, HTML Injection – Body Rule: 100096BHTML

Since about a week ago, requests matching this WAF rule have strongly increased on a customer’s website. This is an example graph showing only the number of those flagged requests over 24 hours:

Flagged requests over 24 hours

This affects all kinds of targets. Surprisingly for me, especially static files are being requested. Each IP address requests a number of files. The number of files can vary between a few and a few hundred. The set of files requested for each ip address seems to be legitimate.

Sources of the requests are legitimate ip blocks of mobile phone providers and home internet providers of the main targeted countries of the website.

I wonder, how I can deal with this:

  • It is not entirely clear to me what exactly is wrong with these requests. I assume, their body contains things it should not contain.
  • If my assumption is correct, I would need to log the request bodies.
  • Logging request bodies is critical from a data protection issue (GDPR, etc.).
  • It might be false positives, but how can I prove it?

Cloudflare slows down website

I started using Cloudflare CDN recently and it seems to slow my website down. It created a lot of redirect chains which is something I didn’t have before CloudFlare.
I researched the proper configurations for better performance and speed but looks like it made things worse for some reason.
https://gtmetrix.com/reports/guition.com/CJWFU9Fm
This is the GTmetrix report. I was under the impression that CDN would make YSlow scores better but I can’t see any.
I added the Expire Headers code in my htaccess file but it’s still an F, which is frustrating. Does someone know what could be the deal? I have been trying to figure it out for a week and came to no solutions.

Web server is down 521 – Digital ocean + cloudflare

I have been an issue with my website for the past 3 days, I keep getting this error: ( Web server is down 521 ). I checked the server log but I didn’t find any error.

I did the step below but nothing works: – restart mysql – restart apache server – clear cloudflare cache

As nothing was working I snapshot my droplet and I’ve created a new droplet from the snapshot I made. By doing that I received a new public IP address, after doing that the website start working fine. Since last night I started receiving the same error 521.

I don’t know what to do to resolve this issue.

Any help would be appreciated.

How to use Route53 NS output to set NS for Cloudflare subdomain using terraform?

I have created a Zone In AWS Route53 as following

resource "aws_route53_zone" "my-app" {   name = "$  {var.zone_name}"  } data "aws_route53_zone" "selected" {   name = "appgggghello.com." }  output "ns" {   value = "$  {data.aws_route53_zone.selected.name_servers}" } 

it will show out put as below

ns = [     ns-754.awsdns-350.net,     ns-555.awsdns-0553.org,     ns-555.awsdns-25552.co.uk,     ns-45569.awsdns-55555.com ] 

Now i have question is how can i use this NS output as input in Cloudfalre like here

resource "cloudflare_record" "aws-ns-record" {   domain = "$  {var.domain}"   name   = "appgggghello.com"   value = ["$  {data.aws_route53_zone.selected.name_servers}"]   type     = "NS"   priority = 1 } 

Within Route53 i can set NS using

records = ["$  {data.aws_route53_zone.selected.name_servers}"] 

Please let me know how can i achieve this ?

CloudFlare удаляет заголовки?

Делаю аутентификацию на Nuxt.js.

JWT токен добавляеться в headers.

А они не доходят до сервера.

В чём проблема? Может быть CloudFlare удаляет заголовки?

Запрос делаю с http://localhost на API который работает через CloudFlare.