Forum Discussion

Brady_Myers
Jan 22, 2020

Allow Mixed Content on SharePoint via iRule

I am looking for an iRule that handles mixed content not showing up on one of our SSL offloading VIPs. There are some articles on DevCentral about this, but I have been unsuccessful thus far. I have applied the default stream profile to the VIP and applied the iRule below. The site loads PNG files and JPEGs, but any SharePoint .css or .aspx files don't load unless the user allows insecure content. Any way around this through the F5?

 

when HTTP_REQUEST {
    # Disable the stream filter for client requests
    STREAM::disable
}

when HTTP_RESPONSE {
    # Disable the stream filter for server responses
    STREAM::disable

    # Enable the stream filter for text responses only
    if {[HTTP::header value Content-Type] contains "text"} {
        # Replace 'old_text' with 'new_text'
        STREAM::expression {@old_text@new_text@}

        # Enable the stream filter
        STREAM::enable
    }
}

 

Thank you,

Brady

6 Replies

  • Hi Brady,

     

    Have you updated the iRule above to replace old_text and new_text? Here's an example that would rewrite all URIs from http:// to https://.

     

    STREAM::expression {@http://@https://@}

     

    You'd also want to use a custom HTTP profile to rewrite redirects from http to https: https://support.f5.com/csp/article/K14775

     

    If you try these two changes and still have issues, you can use developer tools on your client browser to check which responses have http:// references. Once you know which request URIs have the issue, you can figure out what updates you might need to make to the iRule to rewrite the references to https://.

     

    If you get stuck, reply back here with an anonymized example of the response content.

     

    Aaron

  • hoolio,

    Thank you for reaching out to me. This is just for one URL, http://abc.com. I have added the replacement text below to the iRule. The HTTPS VIP has the default stream profile and iRule attached to it. However, when browsing to this site, it still shows up with blocked content in developer mode. Users have to manually allow it in all web browsers. I am unsure why it's not working, since this question has come up before and others seem to get it to work. See below for the iRule. The F5 should be able to offload all of the content to the user, right?

     

     

    when HTTP_REQUEST {
        STREAM::disable
    }

    when HTTP_RESPONSE {
        if { [HTTP::header Content-Type] starts_with "text/" } {
            STREAM::expression "@http://@https://@"
            STREAM::enable
        } else {
            STREAM::disable
        }
    }

     

     

    • hooleylist

      For one of the pages which shows mixed http and https content, can you post the anonymized response content from the browser dev tools showing the http:// references?

  • Office Web Apps is the online companion to Office Word, Excel, PowerPoint, and OneNote applications. It enables users, regardless of location, to view and edit documents. Office Web Apps gives users a browser-based viewing and editing experience by providing a representation of an Office document in the browser. 

  • Hi Brady,

     

    You have 2 solutions:

     

    • use an iRule rewriting the response page, with a CPU consumption around 10 times more than without rewriting (I already saw around 15 times more, and this is the same with any reverse proxy rewriting response pages), with some failures (JavaScript creating a URL from multiple variables can't be rewritten)
    • spend up to 30 minutes to change SharePoint behavior with the Alternate Access Mapping parameter according to the deployment guide (https://www.f5.com/content/dam/f5/corp/global/pdf/deployment-guides/microsoft-sharepoint-2016-dg.pdf)

     

    To optimize user experience, it is not recommended to use different URLs for internal and external users.

     

    If users in the internal network use http://sp.company.com and users on the Internet use https://sp.company.com through BigIP, when a user connected with the https URL wants to share a link by email (starting with https://), a user connected to the internal network won't be able to access it.

     

    There are lots of issues with such a deployment.

     

  • Thank you all for your input. This is the mixed content error I get below. I am thinking that this should be controlled through the F5 in this particular scenario.

     

    Mixed Content: The page at 'https://abc.aspx' was loaded over HTTPS, but requested an insecure stylesheet 'http://abc.com/_layouts/15/1033/styles/abc.css'. This request has been blocked; the content must be served over HTTPS.
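
Added example, not part of the original thread and not F5 or SharePoint code: a small Python audit of a saved response body, following the advice above to find which http:// references a page still carries. It separates loads that browsers block (stylesheets, scripts, frames) from passive ones such as images, and flags escaped URLs in inline script that a plain http:// substitution does not match. The sample body is constructed, and apart from the stylesheet URL quoted in the error above, its paths are assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed sample response body; abc.com stands in for the anonymized host.
SAMPLE = r'''<html><head>
<link rel="stylesheet" href="http://abc.com/_layouts/15/1033/styles/abc.css">
<script src="http://abc.com/_layouts/15/init.js"></script>
<script>var site = "http:\/\/abc.com\/sites\/team";</script>
</head><body><img src="http://abc.com/images/logo.png">
<a href="http://abc.com/other.aspx">link</a>
<img src="https://abc.com/images/ok.png"></body></html>'''

# BLOCKED loads are refused on an HTTPS page; PASSIVE ones traditionally still load.
BLOCKED = {("script", "src"), ("iframe", "src"), ("link", "href")}
PASSIVE = {("img", "src"), ("audio", "src"), ("video", "src")}
# "http:" not followed by a literal "//": escaped or concatenated URL text.
ESCAPED = re.compile(r"http:(?!//)[^\s\"']{0,40}", re.I)

class MixedContentAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []            # (category, tag, value)
        self._inline_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        self._inline_script = tag == "script" and "src" not in attrs
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return                    # only stylesheet links count here
        for name, value in attrs.items():
            if not (value or "").strip().lower().startswith("http://"):
                continue
            if (tag, name) in BLOCKED:
                self.findings.append(("blocked", tag, value))
            elif (tag, name) in PASSIVE:
                self.findings.append(("passive", tag, value))
            # anchors (<a href>) are navigation, not subresource loads: ignored

    def handle_endtag(self, tag):
        if tag == "script":
            self._inline_script = False

    def handle_data(self, data):
        if self._inline_script:
            for m in ESCAPED.finditer(data):
                self.findings.append(("escaped-in-script", "script", m.group(0)))

def audit(body):
    parser = MixedContentAudit()
    parser.feed(body)
    return parser.findings
```

Run audit() on the body copied from the browser's network tab; the "blocked" entries are the references that must become https:// before the page renders without the user allowing insecure content.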