Forum Discussion

Gary_Wilhelm_34's avatar
Gary_Wilhelm_34
Icon for Nimbostratus rankNimbostratus
Jun 07, 2011

Non-sensical mixed content message

I'm doing a fairly standard thing and attempting to redirect two individual URLs to HTTPS, keeping all other traffic on HTTP. Here are the two iRules I'm using (the first for HTTP traffic, the second for HTTPS traffic):

 

 

when HTTP_REQUEST {

 

if {[string tolower [HTTP::uri]] contains "/admissions/applynow/payment" || [string tolower [HTTP::uri]] contains "/alumni/support/gift/pledge/"}

 

{ HTTP::respond 301 Location "https://[getfield [HTTP::host] : 1][HTTP::uri]" }

 

else { pool LawPool3 }

 

}

 

 

 

when HTTP_REQUEST {

 

if {[string tolower [HTTP::uri]] contains "/admissions/applynow/payment" || [string tolower [HTTP::uri]] contains "/alumni/support/gift/pledge/"}

 

{ pool LawPool3 }

 

else { HTTP::respond 301 Location "http://[getfield [HTTP::host] : 1][HTTP::uri]" }

 

}

 

 

The redirecting is working as it's supposed to, but I'm continually getting mixed content messages on all HTTPS pages. The maddening thing is that tracing page requests and responses is showing only HTTPS calls for external resources (or calls via relative URL). There's absolutely no trace of a plain old HTTP request/response whatsoever. This leads me to believe there's something that's wrong with my iRules.

 

 

Any help would be much appreciated!!

 

 

Gary

 

 

application delivery
dev
devops
iRules

4 Replies

Sort By
  • richard_77048's avatar
    richard_77048
    Icon for Nimbostratus rankNimbostratus
    Jun 07, 2011
    Gary,

     

     

    The only time I have seen mixed content messages in a browser was when there really were non-SSL elements on the page. How are you tracing page requests? Are you using a tool like firebug to see them? I have seen javascript that made calls out over HTTP on an HTTPS page cause that message. They can be hard to find sometimes.

     

     

     

    I don't see anything in your rule that would lead me to believe the rule is the problem.

     

     

     

    Richard

     

  • Gary_Wilhelm_34's avatar
    Gary_Wilhelm_34
    Icon for Nimbostratus rankNimbostratus
    Jun 07, 2011
    I'm using Fiddler to look at the page elements. I just checked the Javascript now, and there's nothing in there that's making an external call.

     

     

    I didn't mention that I can load exactly the same page on my test server (not behind an F5) and get no mixed content messages at all. It's almost like there's something in the HTTP request or response headers that's specific to the F5 but has no bearing on the actual content of the page.

     

     

    Gary
  • richard_77048's avatar
    richard_77048
    Icon for Nimbostratus rankNimbostratus
    Jun 07, 2011
    Are you terminating SSL on your test server?

    You could try logging all the headers by adding something like this to your rule: 

    
set headers [HTTP::header names]
foreach header_name $headers {
    log local0.debug "HTTP header $header_name: [HTTP::header $header_name]"
}

    Richard
  • Michael_Yates's avatar
    Michael_Yates
    Icon for Nimbostratus rankNimbostratus
    Jun 08, 2011
    I would suggest turning off your Fiddler and using HTTPWatch for this type of problem so that you can see it in browser (Fiddler 2 steps in as a proxy so that it can see the encrypted traffic and your trying to see what is triggering the alert, so Fidder 2 might get in the way).

     

     

    The chances are pretty good that your iRule is causing the issue since your flipping HTTP and HTTPS based on URI. HTTPWatch should show you the 301's that the iRule should be showing based on your iRule.

     

     

    One possible fix act you can do is to apply a custom HTTP Profile to your HTTPS Virtual Server and enable the "Redirect Rewrite" option to Matching.