Forum Discussion
NimbostratusSecure only login page and leave the rest of website as http
We want to secure a website by having F5 doing SSL offload. However, the web content has many http references and the browser complains about mixed content, specifically,
Mixed Content: The page at 'https://whatever.com/page/' was loaded over HTTPS, but requested an insecure resource 'http://btn.weather.ca/weatherbuttons/template7.php?placeCode=CAONPOI2155193&category0=Schools&containerWidth=180&btnNo=&backgroundColor=blue&multipleCity=0&citySearch=0&celsiusF=C'. This request has been blocked; the content must be served over HTTPS.
Is it possible to use F5 to secure only the login page and leave everything else as http? The web content is user updated and we do have control to change all the http references and redirects to https. Also some calls for resources only have the resource available on http and not https.
Young_25175Sorry, correction:
The web content is user updated and we do NOT have control to change all the http references and redirects to https.
- P_K
Altostratus
You might want to look for an iRule that enables stream profile replacing http with https at the login page based on uri and replace https with http for rest of the traffic.
https://support.f5.com/csp/article/K8115
johnbernardcheuCirrus
Not possible unless you know content can be served via https...I had a go of your link and it cannot be served via https....see the link for additional info: https://devcentral.f5.com/questions/allowing-mixed-content-via-an-irule
On the other hand, if you have access to the website where the login is happening you could program the code to redirect to a non-https site...see the link for additional info: https://security.stackexchange.com/questions/36614/how-is-an-https-login-secure-when-pages-use-http
