Technical Forum
Ask questions. Discover Answers.
cancel
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

f5 mixed contents and block images

AhmadJ
Altostratus
Altostratus

Hi

i created HTTPs VS for our website but then i got Mixed content error i solved that issue by applying stream profile and i applied also this irule

when HTTP_REQUEST {
# Disable the stream filter for all requests
STREAM::disable
# LTM does not decompress response content, so if the server has compression enabled
# and it cannot be disabled on the server, we can prevent the server from
# sending a compressed response by removing the compression offerings from the client
HTTP::header remove "Accept-Encoding"
}
when HTTP_RESPONSE {
# Check if response type is text
if {[HTTP::header value Content-Type] contains "text"}{
# Replace http:// with https://
STREAM::expression {@http://@https://@}
# Enable the stream filter for this response only
STREAM::enable
}
}

but now not all images are loaded through F5 like svg or png

so again i applied

when HTTP_REQUEST {
# Disable the stream filter for all requests
STREAM::disable
}

when HTTP_RESPONSE {
# Check if response type is text, javascript, svg, or other images
if {[HTTP::header value Content-Type] contains "text" || [HTTP::header value Content-Type] contains "javascript" || [HTTP::header value Content-Type] contains "svg" || [HTTP::header value Content-Type] contains "jpeg" || [HTTP::header value Content-Type] contains "png" || [HTTP::header value Content-Type] contains "gif"} {
# Replace http:// with https://
STREAM::expression {@http://@https://@}
# Enable the stream filter for this response only
STREAM::enable
}
}

but still have issue

Any idea please

9 REPLIES 9

whisperer
Nacreous
Nacreous

What are you trying to accomplish? If the origin servers are returning a response with http urls and you want to rewrite to https, you may be better off simply proxying https on the client side of the virtual IP and communicating with the origin (server side) via HTTP.

Usually, when I do HTTP response rewrites like this, it is when there is an ancient or broken server that uses absolute paths with the inside non routeable IP address as the host. However, in this case, I generally would not filter on the content-type because there would be a few -- lots of elements being loaded by a single HTTP page -- generally text, various images, and perhaps some hosted files like PDFs.

thank you polskikrol for your reply

i am trying to configure https VS on F5 also the communication betwen VS and backend is with http

the issue that i have images not loading

the above irules i got it from my.f5.com/manage/s/article/K31100432

Did you look at the web page source to see how the URLs are written? Can you provide an example. In particular, how the image html tag src target is coded from the origin server. Once you have this, one can make a decision based on the issue -- fix on origin server, or have the F5 transform the src reference.

AhmadJ_0-1685089520870.png

as you can see from above, the url for this service using https through F5 this image which is in the screenshot is .png and it is not loading but we have another image with same .png and loading fine

AhmadJ_1-1685090106473.png

same issue with other extensions like svg

i tried to access the above by using the HTTP server URL directly and all working fine but with F5 it is not working

whisperer
Nacreous
Nacreous

Ok, do you know of the origin server is hosting everything -- pages, images, javascript, etc. -- via only HTTP? Or would some elements of the website be mixed - both HTTP and HTTPS?

If it is all HTTP, then you don't need the IF statement to check for the resource type. However, if there is a mix of resources, then you may have to selectively enable the stream substitution so that the pages are properly retrieved from origin.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

These images,js,etc.. using relative urls

Any idea please

LiefZimmerman
Community Manager
Community Manager

@AhmadJ - it looks like you didn't get resolution on your issue? Are you still having problems? Has anything changed, that you can share, to help with troubleshooting?

@LiefZimmermanThank you for your reply the issue already solved

Thank u again