Redirect admin area requests to HTTPS

Create a redirect rule to redirect requests for the administration area of store.example.com to HTTPS, keeping the original path and query string.

This example dynamic redirect for zone example.com will redirect requests for the administration area of a specific subdomain (store.example.com) to HTTPS, keeping the original path and query string.

Example

When incoming requests match

Field: SSL/HTTPS
Value: Off

And

Field: Hostname
Operator: equals
Value: store.example.com

And

Field: URI Path
Operator: starts with
Value: /admin

If you are using the Expression Editor, enter the following expression:
(not ssl and http.host eq "store.example.com" and starts_with(http.request.uri.path, "/admin"))

Then

Type: Dynamic
Expression: concat("https://", http.host, http.request.uri.path)
Status code: 301
Preserve query string: Enabled

The rule includes SSL/HTTPS: Off (not ssl in the rule expression) to avoid redirect loops.

For example, the redirect rule would perform the following redirects:

Request URL	Target URL	Status code
`http://store.example.com/admin/products/`	`https://store.example.com/admin/products/`	`301`
`https://store.example.com/admin/products/`	(unchanged)	n/a
`http://store.example.com/admin/?logged_out=true`	`https://store.example.com/admin/?logged_out=true`	`301`
`http://store.example.com/?all_items=true`	(unchanged)	n/a
`http://example.com/admin/`	(unchanged)	n/a

Cloudflare Dashboard Discord Community Learning Center Support Portal