Skip to main content

Blogger HTTPS for custom domain and Cloudflare

In BHF, there was a recent issue related to cloudflare where the browser screams the site is a phishing site. So I thought of writing up how does a service like cloudflare affect your blogger blog.

What is Cloudflare?
Well we have that written all over Wikipedia: Cloudflare. Let's go on with why Blogger users look for Cloudflare.

Anciently Blogger users used Cloudflare for one simple reason. HTTPS for custom domains.
So what happens when you introduce Cloudflare into your domain?
DNS Redirect.
Your custom domain will be configured with the proxy info provided by Cloudflare and when the request is hit, DNS redirect happens.
DNS redirect is bad for the site's health.
A number of reasons, but the most important is that some browsers, when it detects a DNS redirection, it thinks that it is a phishing site.

What is a DNS redirect?
I am trying to explain this in easy terms. I'll try not to be too technical. When a custom domain URL is hit, usually the domain requests go to Name servers from where the browser would obtain where the domain points to.

So normally, without cloudflare, when a URL is hit,  it first goes to the respective name server to pull the DNS records. Usually to publish a blogspot address, we add 4 * A records and a CName record.

Let's consider CName alone for instance and so the mapped name is ghs.google.com. Therefore the www URL request is redirected to ghs.google.com and from there Google takes care of the publishing.

When it comes to cloudflare, when the same URL is hit, it first goes to the respective name server to pull the DNS records and turns out www URL will be mapped to an IP address provided by cloudflare. So, the request is redirected to this IP address (this is redirect number 1)

This IP address will be holding the SSL certificates required for HTTPS. Once this IP address receives the request, it redirects it to ghs.google.com or one of the four IP addresses. (this is redirect number 2)

(Please note that this is a rough idea and am not sure if just one redirect happens)

What happens when such redirects happen?
  1. Affects your search engine visibility.
  2. Becomes a suspect of phishing site sometimes.
  3. Slows down the speed of your blog as it is through a proxy server.
and so on.

What to do if the blog becomes a phishing suspect?
Three steps to follow and you'll be good,
  1. Remove cloudflare or any other such service.
  2. Setup your custom domain DNS properly with 4 * A records and a CName record.
  3. After doing the above steps, report your blog itself in this link below,
    https://safebrowsing.google.com/safebrowsing/report_error/
What do we do for HTTPS then?
If you had been a cloudflare-blogger user for a while now, I am aware you are going to ask me what would you do for HTTPS. Blogger itself supports HTTPS for custom domains which I hope should help. Kindly checkout and let me know.

Finally, if you want to know more about debugging custom domain related issues, check out my article below,
How to Blog?: Common issues where custom domain is involved. 
(Image courtesy - lifewire.com & aws.amazon.com) 

Comments

  1. I just wanna say. This tips is very good. I want to try cloudflare on my site.

    ReplyDelete
    Replies
    1. Hi Afriant,

      Cloudflare for HTTPS redirect is not to be done. That is what the article is totally about. However you could try using cloudflare for other tools if that helps.

      Thank you for your comments.

      Delete
  2. Just subscribed this blog waiting for more posts :)

    ReplyDelete
    Replies
    1. Hi Azulnauta,

      Thanks for subscribing. I just discovered your comment. You can keep seeing blog articles now and then here-on :-)

      Delete
  3. DNS redirects shouldn't be visible to the browser, since it all happens on the back-end, so this is a little bit confusing.

    ReplyDelete
    Replies
    1. DNS redirects are supposed to be happening in the back-end but when it happens through cloudflare, it has it's disadvantages.

      Delete
  4. Replies
    1. Hi there, am just checking comments. Sorry for the late reply. Hi. Is there anything I can help you with?

      Delete
  5. Good morning

    ReplyDelete

Post a Comment

People also read,

How to secure your Google account and Blogger blog?

As a part of contributions to NCSAM, I am writing this article down on what all should we be aware of with respect to Google's security aspect and how to make sure your blog stays yours forever. What is NCSAM? It's National Cyber Security Awareness Month which is observed during the month of October every year in America. However, we all know cyber security is a world topic and is not limited to just the USA. So let me give some tips with respect to keeping the Google account safe and Blogger blogs safe from hackers. As I secure my account, I hope you people catch up too. In this blog post, I am going to tell about the following, Securing your Google account. Securing your Blogger blog. Securing your Google account Since Blogger is also part of your Google account, let's first see what all we need to do to keep our Google account safe. Don't share your password to anyone. Keep changing your password every 60 - 90 days. Make sure your password is str

Blogger Tweak - Open external links in new tab automatically

So, once upon a time, a really long while ago, I tried to customise and recreate a Blogger template which is not available anymore, but there's one thing I remember about it. I had a jQuery code written to make all the external links open in new tab. I also thought, it's about time I revive that idea and write a more intact code and here we go.  So, there are two things to do.  Add Javascript code that detects external links and opens them in new tab. Add a CSS code to let users know that a particular link is going to be opened in new tab. Adding a javascript code Please follow the instructions below, Go to https://blogger.com  dashboard Navigate to Themes > click the down arrow near "Customize" and then click on Edit HTML. Now scroll to the very end and paste the following code just before </body> tag. <script type='text/javascript'> document.body.addEventListener(&quot;mousedown&quot;,function(event){       if(event.target.tagNa