Forum Discussion

Philip_Jonsson_'s avatar
Philip_Jonsson_
Icon for Altocumulus rankAltocumulus
Sep 12, 2018

SEC7111 HTTP Security Compromised Generated by a JavaScript.

Hey everyone!   I just ran into an issue that I haven't seen before. Let me give you some background:   We have a backend web application running only on port 80 and publish this through a stan...
application delivery
browser
javascript
LTM
ssl
RossVermette's avatar
RossVermette
Icon for Nimbostratus rankNimbostratus
Sep 12, 2018

What version are you running?

I believe you could apply a "re-write policy" on the F5 so that anything it sees from http:// rewrites the responses to https://, or you could use an irule to re-write the specific response from the javascript. If the URL is embeded in the response body, you would could use a streams profile with iRule to re-write the javascript response that has the ref.

ex: (not tested)

when HTTP_RESPONSE {
  if { HTTP::header value Content-Type] contains "text"} {
    STREAM::expression \
    "@http:@https:@"
    STREAM::enable
  }
}