Forum Discussion
Zhinjio_101470
Nimbostratus
Jun 22, 2012This page contains both secure and nonsecure items
Hey folks,
Strange situation. I wanted to validate my thoughts on this to make sure I'm not missing something.
Situation:
Client browser (IE, as it happens), is requesting a page from an application server over HTTPS. The delivered page then points to many other image/javascript resources, as you might expect. Some of these were previously being delivered from the web server in question, over HTTP (directly to an the IP address of the server).
Recently, this web server was expanded to 2 servers, and an F5 VIP put in front to load balance and improve performance/reliability. Configuration on that is almost entirely defaults for an HTTP VIP. The only change I can think of was to switch to the tcp-lan-optimized profile. All else is the same. Round Robin, no priority groups, etc etc. Everything appeared to be working fine, performance improved, mission accomplished.
However, shortly after that change, one of the QA folks mentioned that they started getting this IE popup indicating that the page contains both secure and nonsecure items (I'm sure you've seen this before). However, to my way of thinking, that was also true before, and the F5 shouldn't have introduced any change in whether that popup would appear or not.
Am I missing something? Is there *anything* the F5 could be doing that would suddenly cause this popup to appear where it wasn't before? I won't claim to understand all the possible header manipulations that are possible and how they might impact this, but my gut is telling me it has nothing to do with the F5.
They will be doing further testing today, but I thought I'd ping folks here and see if y'all had any guidance.
Thanks in advance,
- ZJ
- santosh_81454
Nimbostratus
Hi, yes you are correct, its not the F5 but the way IE works. - hoolio
Cirrostratus
As Santosh says, the simplest fix is to change the application and replace the http:// references with https:// or relative references without the protocol specified. Else, if that's not an option, you could use a stream profile and STREAM::expression iRule to rewrite the http:// references to https:// in the response payloads: - Zhinjio_101470
Nimbostratus
The traffic was always 2 separate servers. Server A dishes out the top level doc, and was always HTTPS, and then the subsequent image and script resource requests were going to Server B over HTTP. Server B is the one that is now behind a VIP. So yeah, I can't see how that behavior would have changed just for putting an F5 in there. It should *always* have had that same issue. - Zhinjio_101470
Nimbostratus
Interesting conclusion. Figured I would let you all know.
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects