Introduction
A redirect loop occurs when a request cycles endlessly between URLs without ever reaching a final destination. In Cloudflare environments, this typically happens when multiple redirect sources conflict: Cloudflare's "Always Use HTTPS" feature, origin server HTTPS redirects, and page rule redirects can all push traffic in circles. The browser eventually stops and displays an error like "Too many redirects" or "This page isn't working." Understanding which layer initiates each redirect helps break the loop.
Symptoms
- Browser error: "Too many redirects" or "Redirect loop"
- URL cycles between http:// and https:// versions
- Site never loads, browser spinner keeps turning
- DevTools Network tab shows 301/302 chain that never terminates
- ERR_TOO_MANY_REDIRECTS error code
- Works with some URLs but loops on others
Common Causes
- "Always Use HTTPS" in Cloudflare + origin HTTP->HTTPS redirect
- SSL mode mismatch (Flexible mode with HTTPS-only origin)
- Page rule redirect conflicting with other redirects
- Origin redirecting HTTPS back to HTTP
- Origin redirecting to different hostname that redirects back
- Both Cloudflare and origin adding HTTPS redirects
- WordPress or CMS plugins adding conflicting redirects
Step-by-Step Fix
- 1.Trace the redirect chain:
```bash # Use curl to trace redirects curl -Lkv https://yourdomain.com/
# Or trace with explicit steps curl -I http://yourdomain.com/ curl -I https://yourdomain.com/
# Note each redirect destination and status code # 301 = permanent redirect # 302 = temporary redirect ```
- 1.Check Cloudflare SSL/TLS settings:
Navigate to: SSL/TLS > Overview
``` # SSL mode determines HTTP/HTTPS between Cloudflare and origin:
# Flexible: Visitor->Cloudflare = HTTPS, Cloudflare->Origin = HTTP # If origin redirects HTTP->HTTPS, loop occurs
# Full: Visitor->Cloudflare = HTTPS, Cloudflare->Origin = HTTPS # No loop if origin expects HTTPS
# Full (Strict): Same as Full, but requires valid certificate ```
- 1.Check "Always Use HTTPS" setting:
Navigate to: SSL/TLS > Edge Certificates
``` # Always Use HTTPS: Redirects all HTTP requests to HTTPS at Cloudflare edge
# If this is ON and your origin ALSO redirects HTTP->HTTPS: # Loop: HTTP request -> Cloudflare redirects to HTTPS -> # Origin receives HTTPS -> if origin redirects HTTP->HTTPS, problem
# For Flexible SSL mode with Always Use HTTPS OFF: # Visitor can reach Cloudflare via HTTP -> Cloudflare sends HTTP to origin -> # Origin redirects to HTTPS -> loop back to Cloudflare HTTP ```
- 1.Determine redirect source with direct origin test:
```bash # Test origin directly to see its redirect behavior curl -I http://YOUR_ORIGIN_IP/ -H "Host: yourdomain.com" curl -I https://YOUR_ORIGIN_IP/ -H "Host: yourdomain.com" -k
# If origin redirects HTTP->HTTPS: # - Use Full or Full (Strict) SSL mode # - Turn ON Always Use HTTPS (Cloudflare handles HTTP->HTTPS) # - Remove origin HTTP->HTTPS redirect
# If origin redirects HTTPS->HTTP: # - Remove this redirect from origin (wrong configuration) ```
- 1.Fix SSL mode for redirect loops:
``` # Scenario 1: Origin redirects HTTP to HTTPS # Solution: Use Full SSL mode # Cloudflare sends HTTPS to origin, no HTTP redirect triggered
# Scenario 2: Origin accepts HTTP only (no redirect) # Solution: Use Flexible SSL mode + Always Use HTTPS ON # Cloudflare handles HTTP->HTTPS for visitors, sends HTTP to origin
# Scenario 3: Origin accepts HTTPS only (redirects HTTP) # Solution: Use Full SSL mode + Always Use HTTPS ON # Both layers handle HTTPS, no HTTP requests to trigger origin redirect ```
- 1.Check for conflicting Page Rule redirects:
Navigate to: Rules > Page Rules
``` # Look for forwarding/redirect page rules # Check if redirect destination creates loop:
# Example problematic rule: # Pattern: yourdomain.com/* # Forwarding URL: https://yourdomain.com/ # This creates: any path -> root -> possibly redirect back
# Remove or fix conflicting page rules ```
- 1.Fix origin server redirect configuration:
```nginx # nginx: Check for problematic redirects nginx -T 2>/dev/null | grep -A5 "return 301"
# Correct HTTPS redirect: server { listen 80; server_name yourdomain.com; return 301 https://$host$request_uri; }
# BUT: Only needed if NOT using Cloudflare Full SSL mode # With Full mode, Cloudflare sends HTTPS, so no HTTP redirect needed
# Remove HTTP->HTTPS redirect if using Full SSL mode ```
- 1.Fix WordPress redirect issues:
```php // WordPress: Check settings // Settings > General > Site Address (URL) // Settings > General > WordPress Address (URL)
// Both should be HTTPS if using Cloudflare Full mode // Or HTTP if using Flexible mode
// Remove redirect plugins that might conflict // Check .htaccess for extra redirects ```
- 1.Check for hostname-based redirect loops:
```bash # Example loop scenario: # yourdomain.com -> www.yourdomain.com (via page rule) # www.yourdomain.com -> yourdomain.com (via origin)
# Test both hostnames: curl -I https://yourdomain.com/ curl -I https://www.yourdomain.com/
# Ensure both go to same destination without looping ```
- 1.Use canonical URL configuration:
```nginx # nginx: Set canonical domain, avoid double redirects server { listen 443 ssl; server_name yourdomain.com; # Main site configuration }
server { listen 443 ssl; server_name www.yourdomain.com; return 301 https://yourdomain.com$request_uri; }
# Single redirect to canonical, no further redirects ```
- 1.Test fix after changes:
```bash # Test complete redirect chain curl -Lkv http://yourdomain.com/ # Should end at single HTTPS URL, no loops
curl -Lkv https://yourdomain.com/ # Should load without redirects
# Check redirect count curl -L -s -o /dev/null -w "Redirects: %{num_redirects}\n" http://yourdomain.com/ # Should show minimal redirects (0-1) ```
Verification
After applying fixes:
- 1.
curl -L http://yourdomain.com/reaches final HTTPS URL without loop - 2.Browser loads site without "Too many redirects" error
- 3.DevTools shows single or no redirects in Network tab
- 4.SSL mode matches origin server configuration
- 5.Always Use HTTPS setting consistent with origin behavior
Related Articles
- [Cloudflare CDN troubleshooting: Fix Cloudflare Always Online Stale Html Broken Lin](cloudflare-always-online-stale-html-broken-links)
- [Cloudflare CDN troubleshooting: Cloudflare Cache Everything Rule Breaks WooCommerc](cloudflare-cache-everything-breaking-woocommerce-cart-cookies)
- [Cloudflare CDN troubleshooting: Fix Cloudflare Cache Purge Not Propagating All Edg](cloudflare-cache-purge-not-propagating-all-edge-locations)
- [Cloudflare CDN troubleshooting: Fix Cloudflare DNS Proxy Orange Cloud Blocking Ssh](cloudflare-dns-proxy-orange-cloud-blocking-ssh)
- [Cloudflare CDN troubleshooting: Fix Cloudflare Error 520 Web Server Returns Empty ](cloudflare-error-520-web-server-returns-empty-response)
<script type="application/ld+json"> { "@context": "https://schema.org", "@type": "TechArticle", "headline": "How to Fix Cloudflare Redirect Loop", "description": "Troubleshoot Cloudflare redirect loops by checking Always Use HTTPS, SSL mode, page rules, and origin server redirects.", "url": "https://www.fixwikihub.com/fix-cloudflare-redirect-loop", "publisher": { "@type": "Organization", "name": "FixWikiHub", "url": "https://www.fixwikihub.com" }, "author": { "@type": "Person", "name": "FixWikiHub Editorial Team" }, "datePublished": "2025-11-22T19:02:16.030Z", "dateModified": "2025-11-22T19:02:16.030Z" } </script>