cloudflare too many redirects

We’ve all been there—typing in your own dang website, hitting Enter, and BAM: “This page isn’t working. example.com redirected you too many times.” Cue the internal scream. It’s like your site’s stuck in a hall of mirrors, bouncing between HTTP and HTTPS like a ping-pong ball on espresso. And if you’re using Cloudflare? Well, honey, that loop might just be your proxy playing tug-of-war with your origin server. The dreaded cloudflare too many redirects error ain’t just annoying—it breaks your whole site for visitors, tanks SEO, and makes you look like you don’t know which end of the server is up. But before you rage-quit tech forever, take a breath. This mess is fixable. Like, *really* fixable.

At its core, a cloudflare too many redirects loop happens when your origin server (Apache, Nginx, etc.) and Cloudflare are both trying to enforce HTTPS—but talking past each other like two stubborn mules. Here’s the usual plot twist: Cloudflare terminates SSL at the edge and sends traffic to your server over HTTP (unless you’ve set up Full or Full(strict) SSL mode). But if your server sees that incoming HTTP request and goes, “Nah, I only do HTTPS!” and redirects back to HTTPS… Cloudflare grabs it again, re-encrypts it, sends it back as HTTP, and—boom—you’re in an infinite tango. Each hop counts as a redirect, and browsers give up after ~20 loops. Classic case of good intentions gone sideways. And yep, this is 100% a cloudflare too many redirects scenario waiting to happen if configs aren’t synced.

Let’s keep it 100: Cloudflare’s not the villain here—it’s more like the well-meaning friend who “helped” you move and accidentally boxed up your coffee maker with your winter coats. The real issue? A mismatch between your **SSL/TLS setting in Cloudflare** and your **origin server’s redirect logic**. If you’ve got Cloudflare set to “Flexible” SSL (which means HTTPS → HTTP to origin), but your Apache config forces HTTPS via mod_rewrite, you’ve built a redirect merry-go-round. Same goes if you’ve enabled “Always Use HTTPS” in Cloudflare *and* have a 301 redirect rule on your server pointing HTTP → HTTPS. Double enforcement = double trouble. So no, Cloudflare didn’t break your site—you just gave it mixed signals. Time to get everyone on the same page, partner.

Before you start smashing buttons, let’s gather clues. Open your terminal and run:

curl -I http://yourdomain.com

If you see multiple Location: headers flipping between http and https, bingo—you’ve got a loop. Next, check your Cloudflare dashboard under **SSL/TLS → Overview**. What mode are you in? Flexible? Full? Full (strict)? Then peek at your origin server config: does it redirect HTTP → HTTPS unconditionally? Also, disable any caching plugins temporarily—they sometimes cache redirect headers and make debugging hell. Pro tip: use incognito mode or clear cookies when testing; sometimes session data triggers weird redirect chains. The goal? Isolate whether the loop starts at Cloudflare or your server. Once you know that, fixing your cloudflare too many redirects nightmare becomes way less guesswork.

Here’s the gospel truth: your Cloudflare SSL/TLS mode must match what your origin actually supports. Let’s break it down:

• Flexible: Cloudflare → HTTPS, Origin → HTTP. Don’t redirect HTTP → HTTPS on your server!
• Full: Cloudflare → HTTPS, Origin → HTTPS (self-signed cert OK).
• Full (strict): Cloudflare → HTTPS, Origin → HTTPS (valid CA-signed cert required).

If you’re on Flexible (common for shared hosting), your server should *accept* HTTP traffic—no redirects! Instead, use Cloudflare’s **“Always Use HTTPS”** toggle (under SSL/TLS → Settings) to handle the redirect at the edge. But if you’ve got a valid cert on your origin (like from Let’s Encrypt), switch to **Full** or **Full (strict)** and keep your server-side cloudflare too many redirects-safe redirect rules. Never, ever mix Flexible mode with server-enforced HTTPS—that’s redirect suicide.

Sometimes, the quickest way out of a cloudflare too many redirects spiral is to flip off Cloudflare’s “Always Use HTTPS” rule—especially if you’re already handling redirects on your origin server. Head to **SSL/TLS → Settings** in your Cloudflare dashboard and toggle it off. Why? Because if both Cloudflare *and* your .htaccess file are shouting “GO TO HTTPS!”, your browser gets dizzy. One enforcer is plenty. Now, if you’re using Flexible SSL, you *should* leave “Always Use HTTPS” ON and remove server-side redirects. But if you’re on Full/Full(strict), you can safely turn it OFF and let Apache or Nginx handle it. Just pick a lane and stick to it—consistency kills redirect loops dead.

If you’re running Apache and want to keep server-side HTTPS enforcement (smart move if you control the stack), you gotta teach it to trust Cloudflare’s proxy headers. Add this to your .htaccess or virtual host:

RewriteEngine On
RewriteCond %{HTTP:CF-Visitor} '"scheme":"http"'
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

This checks Cloudflare’s CF-Visitor header—if it says the original request was HTTP, *then* redirect. No blind %{HTTPS} off checks! For Nginx, use:

if ($http_cf_visitor ~ '"scheme":"http"') {
    return 301 https://$host$request_uri;
}

This way, your origin only redirects when Cloudflare says it’s safe to—avoiding loops even in Flexible mode. Nail this, and your cloudflare too many redirects gremlins vanish like morning fog.

While we’re in the neighborhood—let’s talk Error 522 (“Connection timed out”). It often shows up alongside redirect chaos because if your origin is stuck in a loop, it never actually serves content, so Cloudflare gives up waiting. But 522 can also mean your server’s firewall is blocking Cloudflare IPs, or your origin is down. First, verify your origin is live by bypassing Cloudflare (use your server’s IP directly). Then, whitelist Cloudflare’s IP ranges (docs). And if you recently changed DNS or SSL settings? Give it 5 minutes—sometimes propagation hiccups mimic 522s. Bottom line: while 522 isn’t *exactly* a cloudflare too many redirects error, they’re cousins in the family of “Cloudflare can’t talk to your server properly.”

After tweaking configs, test like your job depends on it (because, well, maybe it does). Use:

• curl:curl -H "Host: yourdomain.com" http://your-server-ip — simulates Cloudflare’s HTTP request to origin.
• Browser DevTools: Check Network tab for redirect chains.
• Why No Padlock?: Scans for mixed content or cert issues.
• Cloudflare Diagnostic Tools: Under “Origin Inspection” in dashboard.

You should see exactly **one** 301 redirect from HTTP → HTTPS—and then a clean 200 on the secure version. No loops, no timeouts, no drama. If it’s clean, go ahead and re-enable caching. A solid cloudflare too many redirects fix means your site loads fast, secure, and without making users wanna cry.

Look, wrestling with a cloudflare too many redirects loop feels like untangling Christmas lights in the dark—but it’s simpler than it seems. Match your SSL mode to your origin’s capabilities, pick *one* place to enforce HTTPS (Cloudflare *or* your server—not both), and validate with real tests. And hey, if you’re knee-deep in Apache configs, our guide on Forward HTTP to HTTPS Apache Code walks through Cloudflare-friendly rules step by step. Need broader hosting wisdom? Dive into our Hosting section. And don’t forget to bookmark the Peternak Digital homepage—we’re always here to help you dodge digital disasters before they happen.

References

• https://developers.cloudflare.com/ssl/origin-configuration/ssl-modes/
• https://support.cloudflare.com/hc/en-us/articles/115000219872-Troubleshooting-redirect-loops-from-Cloudflare
• https://httpd.apache.org/docs/2.4/mod/mod_rewrite.html
• https://www.cloudflare.com/ips/