Sharepoint 2013 and browser logout issue
We are using BIGIP LTM & APM 11.6.1 and have set up a Virtual server for our Sharepoint 2013 farm. The issue that we are experiencing is that if the user is using the Chrome browser, no matter whether they select "Sign Out" or just close the browser, their session stays open and the next person to visit that site is logged in with the previous users credentials. Many of our users will be logging onto this Sharepoint site from public computers so this is a huge security risk. Has anyone found a good solution to this problem that still allows users to edit documents on the site using Microsoft Word or Excel.
SEC7111 HTTP Security Compromised Generated by a JavaScript.
Hey everyone! I just ran into an issue that I haven't seen before. Let me give you some background: We have a backend web application running only on port 80 and publish this through a standard HTTPS virtual server using only a Client SSL Profile. We have also a HTTP to HTTPS VS to make sure we access the site over HTTPS. Everything is working great except for a specific function on the site. The application is used to handle internal billing and once you are done with entering your details, you can print a report. When working correctly, this should open up the report as a PDF file in a new window. This is when things go south. Apparently there is a JavaScript that helps creating this PDF file. First we get the "Internet Explorer is not showing all of the content". When accepting that we get nothing. When checking the debugging you find this: The JavaScript is generating a URL of http:// when we have an active session running on https:// and security is being jeopardized. When going to the exact URL that reports the error but changing it to https:// it works straight away. So I know what the problem is but I have no idea how to fix it. Long term would be to turn on HTTPS on the back-end server but that will take some time and we need a fix for this quite fast since they cannot print out these reports if they are not in the local office, connecting to the server directly. I tried searching through the JavaScript to see if I can find where it actually uses http:// and just using a Stream Profile change it but I have not found anything. I also tried to add a Stream Profile changing Source: http://[URL] to Target: https://[URL] but that bricked the site. Since the problem is the JavaScript, the browser won't even send the request to the F5. If it were to send the request to the F5 it would hit the iRule and get redirected to HTTPS. Do you guys have any idea?
Trying to change HTTP header User agent
Hi everyone! I am trying to log the http:header user-agent to a variable using an iRule. I am trying to log exactly what broswer the client is using:(IE, FF, Chrome). Right now, the log shows: "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)" Here is what I have so far. when HTTP_REQUEST { if {[HTTP::header "User-Agent"] contains "Firefox"} then { set user_agent "Firefox" } elseif {[HTTP::header "User-Agent"] contains "Chrome"} then { set user_agent "Chrome" } else { set user_agent "IE" log local0. "User Agent is: $user_agent" } } but the logs shows the same output. Any help would be great! Thanks everyone!
Can't pass 'Browser Add-On' validation
Hi, I've got installed Big IP Client Build/API version: 7113,2018,906,151 As of this week, when I try to 'Connect' to the VPN I am greeted with the following message: "Installation of browser add-on has failed, or security settings of your browser do not allow browser add-ons. Continue without browser add-ons." When I click on Continue without browser add-ons, I am then prompted to a message "Please update your Anti-virus Definitions as they appear to be out of date. Please update them and re-try and for further assistance please contact the IT Service Desk on XXXXXXXX quoting Error Code 30." Now, I believe the Anti-Virus message is not relevant as I have updated the definitions as I would normally do. I feel the real issue is the installation of browser add-on that is failing. If I try to go to my remote.domain.com then the browser tries to download a plugin but it won't work either. Not sure what to do while i wait for IT support of my organisation to help out. Any hint, or anything I could do at my end would be appreciated. Regards Alejandro
SSL Offload causes "warning" on browser
We're using SSL offload but have run into a problem that I can't seem to find the answer for. Our redirect and SSL offload are working. The cert is valid and we have no issues with the session setup. Our problem is that the client browser is posting a warning about non-secure content in the page because the webserver is including code that has http:/// instead of https:. There must be a simple answer to prevent this, but I can't seem to find it. Any help will be very appreciated.
