bkulawiak_10352
Feb 19, 2015

https redirect and ssl offload

I have a new site which I set up so that all HTTP requests get redirected to HTTPS and SSL termination is done at the F5. This seems to be working initially. The HTTP request is terminated, redirects to HTTPS, I see HTTP responses in the server log and it returns HTTP back to the page; however, I'm getting the mixed content error. After more research, it appears that from within the returned page there are dozens of: Mixed Content: The page at 'https://test.com/' was loaded over HTTPS, but requested an insecure script 'http://test.com/media/adobe/core/visitorapi.js'. This request has been blocked; the content must be served over HTTPS.

 

I've turned off OneConnect and played around with client and server SSL allowing mixed connections, but cannot seem to be able to allow it to run the scripts. Any help in pointing me in the right direction would help.

 

3 Replies

    giltjr

    Can you post your iRule? It sounds like you are redirecting for a single specific URI instead of any/all URIs.

    The other thing you might be able to do is setup a stream profile so that on any/all HTTP response you replace http://test.com with https://test.com.

    You can do something like below. If you have two virtual servers, one for http and one for https, you need to use this on both of them.

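    when CLIENT_ACCEPTED {
        # Remember whether this connection arrived on the HTTPS port
        if { [TCP::local_port] eq 443 } { set SSL 1 } else { set SSL 0 }
    }

    when HTTP_REQUEST {
        # Plain HTTP request: redirect to the same host and URI over HTTPS
        if { !$SSL } {
            HTTP::respond 302 Location "https://[HTTP::host][HTTP::uri]"
        }
    }

    when HTTP_RESPONSE {
        # Needs a stream profile on the virtual server.
        # Expression format is @search@replace@; the first character is the delimiter.
        STREAM::disable
        STREAM::expression {@(http|HTTP)://test\.com/@https://test.com/@}
        STREAM::enable
    }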
    
  • Not sure you can do much in LTM given you are redirecting to HTTPS from HTTP. If HTTP was also available this would work, but it looks like you want it to default to SSL. You could try to do URL replacement with an iRule and replace all "HTTP:" with "HTTPS:" on response, but another option is just to change the references in the application. Here's one way to do it below:

     

    1. Start Fiddler.
    2. Clear the browser cache.
    3. Press CTRL+F5 to reload the page.
    4. In Fiddler, click the Protocol column to sort requests by protocol.
    5. Determine which URLs have been delivered using HTTP.
    6. Eliminate the use of those HTTP URLs or update any secure redirectors pointing to HTTP resources.
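
An offline counterpart to the Fiddler steps above, as an added example that is not part of the original replies: it parses a saved copy of the HTTPS page and lists every subresource whose URL resolves to `http://`, which is what the browser reports as mixed content. The tag table, the function name `find_mixed_content` and the sample page are assumptions constructed for illustration.

```python
# Added example: find http:// subresources in a page that is served over HTTPS.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# tag -> (URL attribute, mixed-content class); browsers block "blockable" loads outright
SUBRESOURCES = {
    "script": ("src", "blockable"),
    "iframe": ("src", "blockable"),
    "link": ("href", "blockable"),            # only when rel contains "stylesheet"
    "img": ("src", "optionally-blockable"),
    "audio": ("src", "optionally-blockable"),
    "video": ("src", "optionally-blockable"),
}

class MixedContentFinder(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []   # (line, tag, class, absolute URL)

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCES:
            return           # e.g. <a href> is navigation, not a subresource
        attr, kind = SUBRESOURCES[tag]
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        # Resolve relative and protocol-relative URLs against the HTTPS page URL
        absolute = urljoin(self.page_url, (attrs.get(attr) or "").strip())
        if urlparse(absolute).scheme == "http":
            self.findings.append((self.getpos()[0], tag, kind, absolute))

def find_mixed_content(page_url, html):
    finder = MixedContentFinder(page_url)
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample modelled on the error quoted in the question
SAMPLE = """<html><head>
<script src="http://test.com/media/adobe/core/visitorapi.js"></script>
<script src="/media/app.js"></script>
<link rel="stylesheet" href="//test.com/site.css">
</head><body><img src="HTTP://test.com/logo.png"><a href="http://test.com/x">x</a></body></html>"""

if __name__ == "__main__":
    for line, tag, kind, url in find_mixed_content("https://test.com/", SAMPLE):
        print(f"line {line}: <{tag}> {kind}: {url}")
```

Only references present in the HTML source are found; URLs built at runtime by scripts still need the browser console or a proxy trace.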