Forum Discussion
Kanghis_23583
Nimbostratus
Nimbostratushttps to http redirect
It turns out after introducing an client ssl profile to our LTM, my site is breaking at specific points due to some encrypted ajax calls to the server that cannot be deciphered. What would be the reccommened approach to encrypting everything but those problematic pages? Luckily, the site impact has been isolated to the registration section only. Any helpf for this BIG-IP neophyte would be greatly appreciated.
1 Reply
hoolioCirrostratus
It might be cleanest to troubleshoot why you're seeing errors when encrypting all the traffic. You might be able to fix the errors by removing absolute references to HTTP from within the page content. To make changes to the HTTP content, you can use a stream profile (Click here). To make changes to the HTTP headers, you can use the HTTP::header commands (Click here).
If you do try to serve some of the content via HTTP and some via HTTPS, there are a few potential issues:
- It's likely that the browser will generate an insecure content warning if you're referencing HTTP content within a document that the client requested over HTTPS.
- If you redirect from HTTPS to HTTP, some browsers will generate a warning that the client is being redirected from a secure to non-secure connection.
- Lastly, if the user is submitting a request with their personal info, new username (and password?), it might be one area of the app you would want to secure with HTTPS.
If you want to try encrypting all traffic, could you provide more detail on what in the requests is failing?
Else, if you want to go with selective encryption, I imagine you would need to modify the HTTP headers and/or page content being sent back to the clients to indicate they should request specific content via HTTP.
Once you provide more detail on what you'd like to do, we can provide some pointers for how to do it.
Aaron
