Is a stream iRule necessary to fix a mixed content issue?

Hi

I've performed SSL offload (HTTP VS + redirect iRule & HTTPS VS + offload) for many websites and have seen many that have a mixed content issue.

Is a stream iRule necessary, and is it the only way to fix a mixed content issue?

The thing is, when we see mixed content, we use a stream iRule, and most of the time it works fine.

But sometimes a website will have a new issue arise due to the stream iRule. (When we take it out, it works fine, but we still have to click accept content in the browser due to the mixed content problem.)

Thank you Ker

0
Comments on this Question
Comment made 26-Jun-2018 by Ngutierrez31 324

If the content is served via 3xx redirects then you can use the built-in LTM functionality as described here: https://devcentral.f5.com/articles/rewriting-redirects

In addition, the iRule described below does the same thing but provides further granularity:

https://devcentral.f5.com/questions/f5-ssl-offload-redirects-traffic-back-in-http-format

0

Answers to this Question

USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

@Ngutierrez31

The problem is that mixed content occurs when there is an HTTP 200 response and its payload contains an http:// reference.

Even if we change the 304 location from http:// to https://, mixed content will still occur.

So we have to change every "http://" reference in the HTTP payload to "https://". Normally you would think of a stream iRule, but that is also the question: is it necessary to use a stream iRule?

Ker

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Hi

Regarding mixed content, BIG-IP does not need to be involved in the problem,

except for redirection. For redirection, BIG-IP can solve it, but it took too many resources.

All of the problems can be solved by changing the server's source code.

If the server can't change the code, BIG-IP can "help" to solve the problem.

0
USER ACCEPTED ANSWER & F5 ACCEPTED ANSWER

Being that the mixed content you describe is attributed to absolute URLs in the HTML response, an alternative to the stream profile is this ProxyPass iRule that the redirect white paper hints at:

https://devcentral.f5.com/articles/rewriting-redirects

If absolute self-referencing links are embedded in the HTTP payload, you may need to build and apply a stream profile to perform the appropriate replacements. An iRule could also be used for more complex payload replacements if necessary. For the ultimate in redirect rewriting and all other things HTTP proxy, I direct your attention to the legendary ProxyPass iRule (https://devcentral.f5.com/wiki/default.aspx/iRules/ProxyPass.html) contributed to the DevCentral codeshare by Kirk Bauer (thanks, Kirk, for a very comprehensive & instructive example!)

The iRule has not been maintained for later versions, though some users have fixed it manually (https://devcentral.f5.com/codeshare?sid=646).

The above discussion also hints at the HTML profile, but I'm unsure if it's possible in our use case.

https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-profiles-reference-12-1-0/3.html

I have not experimented with the above HTML profile solution. Its success would depend on whether we can successfully make a match statement with the HTML tags. I would have to see the payload in question to speculate further. The ProxyPass iRule and the HTML profile could easily be tested in a lab.

Good luck and please let us know.

0
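An offline check for the payload inspection the last answer asks for, as an added example that is not part of the original thread or any F5 code: it parses a captured HTML response and separates the absolute http:// references the browser fetches (the ones that trigger mixed content) from links and namespace URIs that a blanket "http://" to "https://" replacement would also rewrite. The sample payload, the hostnames and the list of fetched tag/attribute pairs are constructed assumptions.

```python
from html.parser import HTMLParser

# Tag/attribute pairs the browser fetches while rendering the page; an http://
# value here on an https:// page triggers mixed content. Assumed, not exhaustive.
FETCHED = {("script", "src"), ("img", "src"), ("iframe", "src"),
           ("link", "href"), ("audio", "src"), ("video", "src"),
           ("source", "src"), ("embed", "src"), ("object", "data")}

class MixedContentAudit(HTMLParser):
    """Collect absolute http:// attribute values from an HTML payload."""

    def __init__(self):
        super().__init__()
        self.loaded = []  # (tag, attr, url) fetched by the browser
        self.other = []   # (tag, attr, url) links, namespaces, metadata

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        for attr, value in attrs:
            url = (value or "").strip()
            if not url.lower().startswith("http://"):
                continue
            loaded = (tag, attr) in FETCHED
            if tag == "link":  # canonical/alternate links are not fetched
                loaded = loaded and any(
                    r in rel for r in ("stylesheet", "icon", "preload"))
            (self.loaded if loaded else self.other).append((tag, attr, url))

def audit(payload):
    parser = MixedContentAudit()
    parser.feed(payload)
    parser.close()
    return parser.loaded, parser.other

# Constructed sample payload; hostnames are placeholders.
SAMPLE = """<link rel="stylesheet" href="http://www.example.com/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="http://www.example.com/app.js"></script>
<img src="http://cdn.example.net/banner.png"/>
<a href="http://partner.example.org/">Partner</a>
<svg xmlns="http://www.w3.org/2000/svg"></svg>"""

if __name__ == "__main__":
    loaded, other = audit(SAMPLE)
    for tag, attr, url in loaded:
        print(f"mixed content: <{tag} {attr}> {url}")
    for tag, attr, url in other:
        print(f"not fetched:   <{tag} {attr}> {url}")
```

The first list is the set of references a stream or HTML profile match has to cover; the second shows what a replacement scoped to those tags or hostnames would leave untouched. References inside inline scripts or CSS are not attribute values and are not reported by this check.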