Forum Discussion

fmak_31011's avatar
fmak_31011
Icon for Nimbostratus rankNimbostratus
Aug 30, 2007

http --> https redirect for Popup Windows

I've got a unique problem. At least I think it's unique since I've searched the forum and have not come across this scenario or issue.

 

 

There is an iRule to do http --> https redirect. I've also created a stream profile with rechunking

 

 

 

 

The iRule and stream profile seem to work fine in general with the exception of popup windows (calendars, lookups, etc.). A Security Information window pops up and says "This page contains both secure and nonsecure items.

 

Do you want to display the nonsecure items?"

 

 

Looking at the source code from the jsp page it appears to be sending the request to the "http" site instead of the "https" site.

 

 

application delivery
dev
devops
iRules

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    Sep 04, 2007
    Is the response data being compressed? If so, LTM wouldn't see the HTML within the HTTP payload. Check this post for details (Click here).

     

     

    Else, is there anything different about the responses that the replacement isn't being done on? The stream profile should work to rewrite any packet data (as opposed to headers).

     

     

    Aaron
  • fmak_31011's avatar
    fmak_31011
    Icon for Nimbostratus rankNimbostratus
    Sep 05, 2007
    Thanks for the reply Aaron.

     

     

    I tried the "Click here" link, but it doesn't find the page. Please repost it if you can. There isn't any compression on the web server side and we haven't enabled compression on the LTM yet. So I'm pretty sure that there is no compression going on.

     

     

    The URL that is on the source page is dynamically generated based on the URL that you used to get to the page. Therefore, http://mydomain.com , http://myappserver1:8080, etc. I guess the issue is, the application server is not inherently doing HTTPS/SSL and recognizes that the URL is http://mydomain.com so that is what is being inserted in the popup windows string. But as you mentioned, the stream profile should replace this "http" string with "https". I'll try to dig deeper, but any ideas are greatly appreciated.

     

     

    Thanks again,

     

     

    Fmak