Skip to main content

Blogger HTTPS for custom domain and Cloudflare

In BHF, there was a recent issue related to cloudflare where the browser screams the site is a phishing site. So I thought of writing up how does a service like cloudflare affect your blogger blog.

What is Cloudflare?

Well we have that written all over Wikipedia. Let's go on with why Blogger users look for Cloudflare.

Anciently Blogger users used cloudflare for one simple reason. HTTPS for custom domains.

So what happens when you introduce cloudflare into your domain?
DNS Redirect.

Your custom domain will be configured with the proxy info provided by cloudflare and when the request is hit, DNS redirect happens.
DNS redirect is bad for the site's health.
A number of reasons, but the most important is that some browsers, when it detects a DNS redirection, it thinks that it is a phishing site.

What is a DNS redirect?

I am trying to explain this in easy terms. I'll try not to be too technical. When a custom domain URL is hit, usually the domain requests go to Name servers from where the browser would obtain where the domain points to.

So normally, without cloudflare, when a URL is hit,  it first goes to the respective name server to pull the DNS records. Usually to publish a blogspot address, we add 4 * A records and a CName record.

Let's consider CName alone for instance and so the mapped name is ghs.google.com. Therefore the www URL request is redirected to ghs.google.com and from there Google takes care of the publishing.

When it comes to cloudflare, when the same URL is hit, it first goes to the respective name server to pull the DNS records and turns out www URL will be mapped to an IP address provided by cloudflare. So, the request is redirected to this IP address (this is redirect number 1)

This IP address will be holding the SSL certificates required for HTTPS. Once this IP address receives the request, it redirects it to ghs.google.com or one of the four IP addresses. (this is redirect number 2)

(Please note that this is a rough idea and am not sure if just one redirect happens)

What happens when such redirects happen?
  1. Affects your search engine visibility.
  2. Becomes a suspect of phishing site sometimes.
  3. Slows down the speed of your blog as it is through a proxy server.
and so on.

What to do if the blog becomes a phishing suspect?

Three steps to follow and you'll be good,
  1. Remove cloudflare or any other such service.
  2. Setup your custom domain DNS properly with 4 * A records and a CName record.
  3. After doing the above steps, report your blog itself in this link below,
    https://safebrowsing.google.com/safebrowsing/report_error/?hl=en
What do we do for HTTPS then?

If you had been a cloudflare-blogger user for a while now, I am aware you are going to ask me what would you do for HTTPS. Blogger itself supports HTTPS for custom domains which I hope should help. Kindly checkout and let me know.

Finally, if you want to know more about debugging custom domain related issues, check out my article below,
How to Blog?: Common issues where custom domain is involved. 

(Image courtesy - lifewire.com & aws.amazon.com) 

Comments

Feeds for you

Blogger in Draft says "Try the new Blogger!"

It's been long time that I wrote something here. Interestingly there seems to be a new update in Blogger in Draft (https://draft.blogger.com).

Common issues where custom domain is involved.

In BHF, one of the common issues we face is setting up custom domain. We already have a lot of information on how to setup a custom domain. So I am going to go ahead and write on the troubleshooting tips for custom domain.

This article is dedicated to +Chuck Croll  who has been/is a great mentor to me  since the beginning.

So let's start with the first and foremost golden rule of Custom domain troubleshooting.
Any issue where you have custom domains involved, first check if the custom domain is setup properly.