Secure only login page and leave the rest of website as http

Question

We want to secure a website by having F5 doing SSL offload.  However, the web content has many http references and the browser complains about mixed content, specifically,&nbsp;
Mixed Content: The page at 'https://whatever.com/page/' was loaded over HTTPS, but requested an insecure resource 'http://btn.weather.ca/weatherbuttons/template7.php?placeCode=CAONPOI2155193&amp;category0=Schools&amp;containerWidth=180&amp;btnNo=&amp;backgroundColor=blue&amp;multipleCity=0&amp;citySearch=0&amp;celsiusF=C'. This request has been blocked; the content must be served over HTTPS.&nbsp;
Is it possible to use F5 to secure only the login page and leave everything else as http?
The web content is user updated and we do have control to change all the http references and redirects to https.  Also some calls for resources only have the resource available on http and not https.&nbsp;

young_25175 · Answer

Sorry, correction:&nbsp;
The web content is user updated and we do NOT have control to change all the http references and redirects to https. &nbsp;

p_k · Answer

You might want to look for an iRule that enables stream profile replacing http with https at the login page based on uri and replace https with http for rest of the traffic.  
&nbsp;
https://support.f5.com/csp/article/K8115&nbsp;

johnbernardcheu · Answer

Not possible unless you know content can be served via https...I had a go of your link and it cannot be served via https....see the link for additional info:
https://devcentral.f5.com/questions/allowing-mixed-content-via-an-irule&nbsp;
On the other hand, if you have access to the website where the login is happening you could program the code to redirect to a non-https site...see the link for additional info: https://security.stackexchange.com/questions/36614/how-is-an-https-login-secure-when-pages-use-http&nbsp;

Forum Discussion

Secure only login page and leave the rest of website as http

3 Replies

Recent Discussions

Open Redirection Mitigation

F5Access | MacOS Sonoma

enable tls1.2 on management interface on F5 ltm running version 10.x

[ASM] - what is "Browser Challenge file" ?

SMS server with BIGIP

Related Content

Using ChatGPT for security and introduction of AI security

Troubeshooting website connection

Auditing Security Policy Updates

HTTP Multipart and Security Implications

Minimizing Security Complexity: Managing Distributed WAF Policies