Weird 301-redirect to http from https only happening with CF as proxy on /wp-admin on www subdomain

Question

I have a wordpress blog on an EC2 instance on AWS using the AMI image aws-marketplace/bitnami-wordpress-6.3.2-6-r09-linux-debian-11-x86_64-hvm-ebs-nami-7d426cb7-9522-4dd7-a56b-55dd8cc1c8d0

In cloudflare both blogdomain.com and www.blogdomain.com goes towards the EC2 instance, and currently I don't force any redirect from "naked" subdomain to www or opposite.

Most of the site works fine and equally on both blogdomain.com and www.blogdomain.com.

However, on /wp-admin/ I receive an ERR_TOO_MANY_REDIRECTS, but only on the www subdomain. Here you can see the result of a curl request to both domains.

HTTP/2 301 
date: Fri, 03 Nov 2023 18:02:09 GMT
location: http://www.blogdomain.com/wp-admin/
cache-control: max-age=3600
expires: Fri, 03 Nov 2023 19:02:09 GMT
report-to: {"endpoints":[{"url":"removed"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: removed

HTTP/2 302 
date: Fri, 03 Nov 2023 18:02:25 GMT
content-type: text/html; charset=UTF-8
location: https://blogdomain.com/wp-login.php?redirect_to=https%3A%2F%2Fblogdomain.com%2Fwp-admin%2F&reauth=1
expires: Wed, 11 Jan 1984 05:00:00 GMT
cache-control: no-cache, must-revalidate, max-age=0
x-redirect-by: WordPress
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"removed"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: removed
alt-svc: h3=":443"; ma=86400

I've tried to narrow this down, and the redirect from https to http at /wp-admin/ isn't caused by Wordpress, in fact, the reason it ends up in a redirect loop is because Wordpress is the one redirecting back to https, while CF seems to be the one insisting it should be http://.

Full SSL for the domain is enabled in Cloudflare and there are no page rules or workers active for the domain that would cause any redirect from https to http.

If I add <ip address> www.blogdomain.com in my /etc/hosts (thus bypassing Cloudflare entirely) it just works, no redirect loop occurs, and I'm able to use the admin panel on the www-subdomain.

So for whatever reason it seems this redirect is somehow happening in Cloudflare, and only for /wp-admin/*, which I feel makes no sense, since it's set up to serve https, so if anything CF should redirect from http to https, not the other way around like it does now...

I'm at a loss here on what to do next, could it really be some sort of bug in CF causing this? I've tried to look through all the settings pages multiple times, without finding anything configured that could be the culprit of this.

I've also purged the CF cache numerous times as I've debugged this.

I would really appreciate any kind of help here!

Answer 1

Seems this may have been caused by a Cloudflare page rule I had disabled earlier in the day. The rule was SSL off for wp-admin. It seems it stuck around in some cache, even though I purged the cloudflare cache numerous times in the hours after I had disabled it.

Either way, it worked after the weekend.