Forum Discussion

Shay_Ben-David1
Feb 05, 2008

http secure and nonsecure items on page

Hi everyone, I have two VSs on the BIG-IP, one for HTTP and another for HTTPS (same domain). I have an iRule on the HTTP VS to redirect everything to the HTTPS VS. The problem is that my pages contain both secure and nonsecure items. Is there an iRule that can rewrite the HTTP header and replace it so this message will not pop up on the client? (We do not want to change the code for the application yet.)

 

thanks

 

18 Replies

  • I am using this rule on a HTTPS VS, with a blank stream profile. My question is: if I am seeing "Enabled stream filter for foo.com/login.jsp" etc., and I am still getting the pop-up, does that mean that the content needs to be modified to remove any "http://" references?

     

     

    I am getting multiple "Enabled.." messages, login.jsp is just one example.

     

     

    Thanks

     

    -L
  • I'd guess the http:// reference is in a header like Location in that case. If you reproduce the issue with a browser plugin like HttpFox for Firefox or Fiddler for IE, where do you see the http:// reference? If it is in the Location header value, you can use rewrite redirects on a new HTTP profile to fix this. Or you can add logic to the HTTP_RESPONSE event to check for a redirect.

     

     

    Aaron
  • Looks like in some of the .js files, there are calls to http://flex.org and http://www.adobe.com/go/getflashplayer

     

    Should these be caught by the iRule above as they are in the stream?

     

     

    -L
  • Do you see the STREAM_MATCHED event triggered on the response? If the Content-Type header value contains text, isn't compressed and contains "http://", the "http://" strings should be rewritten to https://. If the response is being compressed, you could either disable compression on the server(s) or remove the Accept-Encoding header from the requests to work around this issue.

     
        when HTTP_REQUEST {
            log local0. "[IP::client_addr]:[TCP::client_port]: New HTTP request to [HTTP::host][HTTP::uri]."
            # Strip Accept-Encoding so the server returns uncompressed responses
            HTTP::header remove "Accept-Encoding"
        }
     

    This assumes you actually want to rewrite the http:// references for these URLs to https://. flex.org doesn't answer requests via SSL on port 443. Requests to https://get.adobe.com/flashplayer/ are redirected to http.

    Aaron
  • I am only seeing log messages on the "Received Response.." and "Enabled Stream.." log lines; I do not see "Matched: [STREAM:match]" messages.

     

     

     

        Received response for host.domain.com/som/portal/login.jsp
        Enabled stream filter for host.domain.com/som/portal/login.jsp, with content-type: text/html; charset=UTF-8
        Received response for host.domain.com/som/domain/css/style_sheet_core.css
        Enabled stream filter for host.domain.com/som/domain/css/style_sheet_core.css, with content-type: text/css
        Received response for host.domain.com/som/domain/css/omx_core.css
        Enabled stream filter for host.domain.com/som/domain/css/omx_core.css, with content-type: text/css
        Received response for host.domain.com/som/domain/javascript/global_javascript.js
        Received response for host.domain.com/som/domain/css/demologin.css
        Enabled stream filter for host.domain.com/som/domain/css/demologin.css, with content-type: text/css
        Received response for host.domain.com/som/domain/css/sfdc_images.css
        Enabled stream filter for host.domain.com/som/domain/css/sfdc_images.css, with content-type: text/html
        Received response for host.domain.com/som/domain/css/sfdc_ctas.css
        Enabled stream filter for host.domain.com/som/domain/css/sfdc_ctas.css, with content-type: text/html
        Received response for host.domain.com/som/domain/css/sfdc_footer.css
        Enabled stream filter for host.domain.com/som/domain/css/sfdc_footer.css, with content-type: text/html
        Received response for host.domain.com/som/domain/javascript/uitaglib.js
        Received response for host.domain.com/som/domain/javascript/uipad.js
        Received response for host.domain.com/som/domain/images/demo/trans.gif
        Received response for host.domain.com/som/domain/images/demo/_logo.gif
        Received response for host.domain.com/som/domain/images/alert_static.gif
        Received response for host.domain.com/demo/trans.gif
        Enabled stream filter for host.domain.com/demo/trans.gif, with content-type: text/html
        Received response for host.domain.com/som/domain/images/demo/demo_planning.gif
        Received response for host.domain.com/som/portal/login_video.jsp
        Enabled stream filter for host.domain.com/som/portal/login_video.jsp, with content-type: text/html; charset=ISO-8859-1
        Received response for host.domain.com/som/domain/images/demo/breakthrough.gif
        Received response for host.domain.com/som/portal/AC_OETags.js
        Received response for host.domain.com/som/portal/history/history.css
        Enabled stream filter for host.domain.com/som/portal/history/history.css, with content-type: text/css
        Received response for host.domain.com/som/portal/history/history.js
        Received response for host.domain.com/som/portal/demologinvideo.swf
        Enabled stream filter for host.domain.com/som/portal/demologinvideo.swf, with content-type: text/htm

     

     

     

     

    I am not sure if compression is enabled on the server; this is WebLogic. I do not have compression enabled on the BIG-IP.

     

     

    -L
  • I will try to remove the header with Fiddler - out of curiosity, what do best practices tell us about the links in the stream that point to HTTP and do not respond to HTTPS? Do we live with the warnings or is there any real workaround?

     

     

    Thanks

     

    -L
  • The best option would be to find a resource that is accessible via HTTPS and change the application to use that reference instead of the original HTTP. If that's not an option then you have to live with the insecure content warning.

     

     

    Aaron
  • I assumed that was the answer - I guess I am going to have to guide our developers on how to remove these calls in their JS for apps they want behind SSL.

     

    Thanks so much for all the helpful guidance and information.

     

     

    -L
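
Added example, not part of the original thread or anyone's iRule: a Python check that pairs the "Received response" and "Enabled stream filter" log lines quoted above and lists text-like resources that never had the stream filter enabled, so any http:// strings in them reach the client unchanged. The log lines are a subset copied from the post; the function name and the extension list are assumptions.

```python
import re
from pathlib import PurePosixPath

# Subset of the log lines quoted in the thread above.
LOG = """\
Received response for host.domain.com/som/portal/login.jsp
Enabled stream filter for host.domain.com/som/portal/login.jsp, with content-type: text/html; charset=UTF-8
Received response for host.domain.com/som/domain/css/style_sheet_core.css
Enabled stream filter for host.domain.com/som/domain/css/style_sheet_core.css, with content-type: text/css
Received response for host.domain.com/som/domain/javascript/global_javascript.js
Received response for host.domain.com/som/domain/javascript/uitaglib.js
Received response for host.domain.com/som/domain/images/demo/trans.gif
Received response for host.domain.com/som/portal/AC_OETags.js
Received response for host.domain.com/som/portal/history/history.css
Enabled stream filter for host.domain.com/som/portal/history/history.css, with content-type: text/css
Received response for host.domain.com/som/portal/history/history.js
"""

RECEIVED = re.compile(r"Received response for (\S+)")
ENABLED = re.compile(r"Enabled stream filter for ([^\s,]+), with content-type: (.+)")

# Assumption: extensions whose bodies can carry URL strings worth rewriting.
TEXT_EXTS = {".js", ".css", ".jsp", ".html", ".htm"}


def unfiltered_text_resources(log: str) -> list[str]:
    """Return text-like URLs that were received but never stream-filtered."""
    received, enabled = [], set()
    for line in log.splitlines():
        if m := ENABLED.search(line):
            enabled.add(m.group(1))
        elif m := RECEIVED.search(line):
            if m.group(1) not in received:
                received.append(m.group(1))
    return [
        url for url in received
        if url not in enabled and PurePosixPath(url).suffix.lower() in TEXT_EXTS
    ]


if __name__ == "__main__":
    for url in unfiltered_text_resources(LOG):
        print("no stream filter:", url)
```

On the quoted lines this reports only the .js files, which is where the http://flex.org and Adobe references were found.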