Forum Discussion

SP_266134's avatar
SP_266134
Icon for Nimbostratus rankNimbostratus
Nov 30, 2017

SSL Offloading and web site becoming insecure - mixed content {http and https }are being delivered.

I have configured a VIP to have handle 443 traffic using client side ssl . My VIP goes like this. 1.Service port 443 https 2.http profile http 3.ssl profile client – custom client cert that I imported 4.I rule a.when HTTP_REQUEST { b. HTTP::header insert "X-Forwarded-Proto" "https"; c.} There are two back end Nodes serving IIS and web site hosted at port 80. With a host header a.com When I hit the browser with a.com it goes to https://www.a.com all looks file except the browser says mixed content is delivered. The pages do not have https in the head tag of html that is making the browser not trust completely. back end nodes i did not install the ssl server certificate What am I missing? How do I make the web site trust with ssl? Any pointer is appreciated.

 

2 Replies

  • If the HTML your web site produces includes static references to http URLs (as is often the case with various tags that can reference external sources for CSS, JS, etc.), that can be a problem in an SSL offload scenario. Fortunately, there are many solutions available to you on the BIG-IP system. For example, you could use a STREAM profile with iRule STREAM commands to conditionally change the HTML content on the response if it contains URLs. You have to be careful as STREAM impacts the entire HTTP payload. Another alternative would be to just parse the response payload yourself (without STREAM) and make selective replacements. An HTML profile may also work for you.

     

     

    You could also modify the HTML on the server to replace the HTTP URLs to HTTPS. Without seeing the actual code, it's hard to assess just what solution will work the best for you.

     

     

  • I choose to use Steam and Irule for stream. Thanks and it solved the problem.