Forum Discussion

kridsana's avatar
kridsana
Icon for Cirrocumulus rankCirrocumulus
Jun 26, 2018

Is stream irule is necessary to fix mixed content issue?

Hi

 

I've perform ssl offload (http vs+redirect irule & https vs+offload) many website and see many which have mixed content issue.

 

Is stream irule is necessary and only way to fix mixed content issue?

 

The thing is when we see mixed content. we will use stream irule and most of the time, It's working fine.

 

But sometimes website will have new issue arise due to stream irule. (when take it out, it working fine. but we still have to click accept content from browser due to mixed content problem)

 

Thank you Ker

 

application delivery
devops
iRules
LTM
mixed
mixed content
offload
stream

4 Replies

Sort By
  • kridsana's avatar
    kridsana
    Icon for Cirrocumulus rankCirrocumulus
    Jun 27, 2018

    @Ngutierrez31

     

    Problem is mixed content is occur when HTTP 200 response and in it's payload contains http:// reference.

     

    Even we change 304 location from http:// to https://. Mixed content will still occur.

     

    So We have to change every "; reference in HTTP payload to ";. Normally you will think of stream irule. but it's also the question, Is it necessary to use stream irule?

     

    Ker

     

  • swjo_264656's avatar
    swjo_264656
    Icon for Cirrostratus rankCirrostratus
    Jun 27, 2018

    Hi

     

    regarding mixed-contents. Bigip does not need to be involved in the problem.

     

    except for redirection. for redirection, bigip can solver but I took too many resource.

     

    All of problem can solve changing server`s source code.

     

    If server can`t change code, bigip "help" to solve problem.

     

  • I_R_101_110's avatar
    I_R_101_110
    Icon for Cirrus rankCirrus
    Jun 29, 2018

    Being that the mixed content you describe is attributed to absolute URL's in the html response, an alternative to the steam profile is this ProxyPass irule that the redirect white paper hints at:

     

    https://devcentral.f5.com/articles/rewriting-redirects

     

    If absolute self-referencing links are embedded in the HTTP payload, you may need to build and apply a stream profile to perform the appropriate replacements. An iRule could also be used for more complex payload replacements if necessary. For the ultimate in redirect rewriting and all other things HTTP proxy, I direct your attention to the legendary ProxyPass iRule (https://devcentral.f5.com/wiki/default.aspx/iRules/ProxyPass.html) contributed to the DevCentral codeshare by Kirk Bauer (thanks, Kirk, for a very comprehensive & instructive example!

     

    The irule has not been maintained for later versions though some users have fixed it manually (https://devcentral.f5.com/codeshare?sid=646)

     

    The above discussion also hints at the html profile but I'm unsure if its possible in our use case.

     

    https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-profiles-reference-12-1-0/3.html

     

    I have not experimented with the above html profile solution. Its success would depend on if we successfully make a match statement with the html tags. I would have to see the payload in question to speculate further. The ProxyPass irule and the html profile could easily be tested in a lab.

     

    Good luck and please let us know.