Mixed-Content Issue
Information
Summary: |
Getting mixed content after migrating from F5. |
Environment: |
Product: LoadMaster Version: Any Platform: Any Application: Any |
Question/Problem Description: |
After migrating to the LoadMaster, one of the customer's site is complaining about Mixed-Content. |
Steps to Reproduce: | |
Error Message: | Mixed Content: The page at 'https://<URL>' was loaded over HTTPS, but requested an insecure frame 'http://<URL>'. This request has been blocked; the content must be served over HTTPS. |
Defect Number: | |
Enhancement Number: | |
Cause: | Servers are only listening on HTTP and the application needs to be ran over HTTPS with SSL termination on the LoadMaster. |
Resolution: |
Customer created a body modification rule to match on /http:\/\// and replace with https:// and applied the delete Accept-Enconding rule but no luck. - We inspected the page and saw the following message: Mixed Content: The page at 'https://<URL>' was loaded over HTTPS, but requested an insecure frame 'http://<URL>'. This request has been blocked; the content must be served over HTTPS. This seemed to be more of a header replacement rather than a body modification. Looking at the dev tools, we saw a 302 with the Location header: http://<URL> - We created a Location header replacement by going to Rules & Checking > Content Rule > New > Rule Type - Replace Header with the following fields: Header Field: Location Match String: /http:\/\/(.*)/ Value of Header Field to be replaced: https://\1 This rule will grab anything on HTTP and replace it with HTTPS. - Then, applied this rule to the VIP by going to Advanced Properties > Show Header Rules > Add as a Response Haeder and tested again and this worked as expexted. |
Workaround: | |
Notes: |
https://support.kemptechnologies.com/hc/en-us/articles/4423906696589 |