Zhinjio_101470
Jun 22, 2012Nimbostratus
This page contains both secure and nonsecure items
Hey folks,
Strange situation. I wanted to validate my thoughts on this to make sure I'm not missing something.
Situation:
Client browser (IE, as it happens), is requesting a page from an application server over HTTPS. The delivered page then points to many other image/javascript resources, as you might expect. Some of these were previously being delivered from the web server in question, over HTTP (directly to an the IP address of the server).
Recently, this web server was expanded to 2 servers, and an F5 VIP put in front to load balance and improve performance/reliability. Configuration on that is almost entirely defaults for an HTTP VIP. The only change I can think of was to switch to the tcp-lan-optimized profile. All else is the same. Round Robin, no priority groups, etc etc. Everything appeared to be working fine, performance improved, mission accomplished.
However, shortly after that change, one of the QA folks mentioned that they started getting this IE popup indicating that the page contains both secure and nonsecure items (I'm sure you've seen this before). However, to my way of thinking, that was also true before, and the F5 shouldn't have introduced any change in whether that popup would appear or not.
Am I missing something? Is there *anything* the F5 could be doing that would suddenly cause this popup to appear where it wasn't before? I won't claim to understand all the possible header manipulations that are possible and how they might impact this, but my gut is telling me it has nothing to do with the F5.
They will be doing further testing today, but I thought I'd ping folks here and see if y'all had any guidance.
Thanks in advance,
- ZJ