Forum Discussion

Gary_Wilhelm_34's avatar
Icon for Nimbostratus rankNimbostratus
Jun 07, 2011

Non-sensical mixed content message

I'm doing a fairly standard thing and attempting to redirect two individual URLs to HTTPS, keeping all other traffic on HTTP. Here are the two iRules I'm using (the first for HTTP traffic, the second for HTTPS traffic):





if {[string tolower [HTTP::uri]] contains "/admissions/applynow/payment" || [string tolower [HTTP::uri]] contains "/alumni/support/gift/pledge/"}


{ HTTP::respond 301 Location "https://[getfield [HTTP::host] : 1][HTTP::uri]" }


else { pool LawPool3 }








if {[string tolower [HTTP::uri]] contains "/admissions/applynow/payment" || [string tolower [HTTP::uri]] contains "/alumni/support/gift/pledge/"}


{ pool LawPool3 }


else { HTTP::respond 301 Location "http://[getfield [HTTP::host] : 1][HTTP::uri]" }





The redirecting is working as it's supposed to, but I'm continually getting mixed content messages on all HTTPS pages. The maddening thing is that tracing page requests and responses is showing only HTTPS calls for external resources (or calls via relative URL). There's absolutely no trace of a plain old HTTP request/response whatsoever. This leads me to believe there's something that's wrong with my iRules.



Any help would be much appreciated!!






4 Replies

  • Gary,



    The only time I have seen mixed content messages in a browser was when there really were non-SSL elements on the page. How are you tracing page requests? Are you using a tool like firebug to see them? I have seen javascript that made calls out over HTTP on an HTTPS page cause that message. They can be hard to find sometimes.




    I don't see anything in your rule that would lead me to believe the rule is the problem.






  • I'm using Fiddler to look at the page elements. I just checked the Javascript now, and there's nothing in there that's making an external call.



    I didn't mention that I can load exactly the same page on my test server (not behind an F5) and get no mixed content messages at all. It's almost like there's something in the HTTP request or response headers that's specific to the F5 but has no bearing on the actual content of the page.



  • Are you terminating SSL on your test server?

    You could try logging all the headers by adding something like this to your rule:

    set headers [HTTP::header names]
    foreach header_name $headers {
        log local0.debug "HTTP header $header_name: [HTTP::header $header_name]"

  • I would suggest turning off your Fiddler and using HTTPWatch for this type of problem so that you can see it in browser (Fiddler 2 steps in as a proxy so that it can see the encrypted traffic and your trying to see what is triggering the alert, so Fidder 2 might get in the way).



    The chances are pretty good that your iRule is causing the issue since your flipping HTTP and HTTPS based on URI. HTTPWatch should show you the 301's that the iRule should be showing based on your iRule.



    One possible fix act you can do is to apply a custom HTTP Profile to your HTTPS Virtual Server and enable the "Redirect Rewrite" option to Matching.