[checked] Enable HTTPS-Only Mode in all windows
No https for:
www.google.com/ 142.250.75.35:http
Delete all of the librewolf folders, restart.
Open the browser and there is 1 ip that is not https:
http://104.18.20.226/
Error 1003 Ray ID: 962b6656db528ca3 • 2025-07-21 14:31:03 UTC
Direct IP access not allowed
What happened?
I checked the Manage Exceptions and the ip '104.18.20.226' was in the list of exceptions.
How is that posssible on an appimage? Is it baked in or added after?
You've requested an IP address that is part of the Cloudflare network.
How is Cloudflare bypassing https everywhere in the browser?
If this is doing this for Google, then my sign ins may be visible, passwords in the clear. Great Googly Moogly.
Edit:
I checked the Manage Exceptions and the ip '104.18.20.226' is in the exceptions list.
I'm using an appimage. How did it get in the exception list? Was it baked in or added after the fact?
Cloudflare seems to act as a man in the middle for https and it seems to ignore the fact that my local nginx certificate chain is out of date. If I visit http://site cloudflare seems to just move it to https, but I am not an expert and someone else changed the dns to get cloudflare to handle some robot attacks.
One of the http entries is for Connman, so it can determine connection status, from READY to ONLINE.
I don't like this because anyone monitoring the packets on the network can identify when I connect to the network.
To solve this, I would have to use a solution that doesn't phone home every time I connect to the internet.
The other entries aren't making sense to me. www.google.com, Fastly, and Cloudflare.
Why are these non-secure ip's making connections when I run Librewolf?
Put "OnlineCheckMode = none" in /etc/connman/main.conf