Summary: Cloudflare has ceased all HTTP connections for its API, now requiring secure HTTPS connections only. This change aims to eliminate the risks of sensitive data exposure through unencrypted requests, particularly on public networks. Consequently, any existing HTTP-based integrations will cease to function immediately, with Cloudflare recommending users transition to HTTPS.
Affected: Cloudflare API (api.cloudflare.com)
Keypoints :
- Cloudflare completely rejects unencrypted HTTP connections to enhance security.
- The API is primarily used for managing Cloudflare services like DNS, firewall settings, and DDoS protection.
- Legacy systems and tools relying on HTTP will fail, while a new option to disable unsafe HTTP traffic for websites is anticipated by year-end.
- Cloudflare estimates that about 2.4% of Internet traffic through its system is still HTTP, a figure that rises to nearly 17% when including automated traffic.