Forum Discussion

meena_60183's avatar
meena_60183
Icon for Nimbostratus rankNimbostratus
Apr 03, 2009

http to https redirect - still non-secure items

Hi All,

 

 

I have added couple of web portal servers for SAP on LTM. SSL termination is configured on the LTM and the backend connection to the servers are in clear text. I also configured http -> https redirection. There are some absolute http references on the page and so I used a stream profile to convert all http to https references.

 

 

Even after that, when clients use IE browser, it keeps displaying the warning message "This page contains secure and nonsecure items. Do you want to display the nonsecure items?". I understand that this is IE's default browser setting but it will be hard to educate every client to change the settings. I just want to find the root cause of what is causing this pop-up window and fix it if possible.

 

 

It does not happen with firefox browsers. When I used fiddler to see the Get requests, I see that it contains some absolute http references to static html pages. I do not understand why the stream profile does not convert this to https.

 

 

Any ideas on how I can fix this problem?

 

 

Meena
config
design
  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Apr 03, 2009
    Hi Meena,

     

     

    Are those references in the payload or the headers? A stream profile won't change headers.

     

     

    You can try creating a custom http profile for the vip that has "Rewrite Redirects" set to "Matching" or "All" and see if that will catch those references.

     

     

    Denny
  • meena_60183's avatar
    meena_60183
    Icon for Nimbostratus rankNimbostratus
    Apr 04, 2009
    It was set to "matching" previously. I changed it to "all" now.

     

     

    Still I am getting the popup window about nonsecure items on the page. The only http reference I see is a static image on the page which is a welcome logo.

     

     

     

    Meena
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Apr 06, 2009
    Hi Meena,

     

     

    It would be ideal if you could configure the SAP application to either use relative references, or if that's not possible, https:// absolute references.

     

     

    If this can't be done, as Denny suggested you could use a stream profile and STREAM::expression to configure the stream filter. There are a few examples on the STREAM::expression wiki page (Click here). If the string you're replacing is a different length than the replacement string, you'll need to create a custom HTTP profile with response chunking set to rechunk. This gets around a mismatch in content length as chunked responses don't use a content length header.

     

     

    Aaron