vADC Forum

Reply
Occasional Contributor
Posts: 5
Registered: ‎08-26-2015

SSL Decryption

In the process of setting up my vTM's to do SSL Decryption websites and moving the certs off my individual backend servers.

 

Everything is working, except Firefox, Chrome, Edge, IE etc are all showing limited content:

 

"Some unencrypted elements on this page have been blocked"

 

Do I need a response script to rewrite the "http://" - > "https://"

 

The test site is running a default install of wordpress and I've set the wordpress url to the be "https://"

 

Am I missing something?

Occasional Contributor
Posts: 5
Registered: ‎08-26-2015

Re: SSL Decryption

Okay so after some digging around I was able to find a script that will rewrite the response headers from http: -> https:

 

$url = http.getResponseHeader( "Content-Type" );  
   
if( !string.startsWith( $url, "text/html" ) ) break;  
   
$response = http.getResponseBody();  
   
$response = string.replaceAll( $response,   
  "http://", "https://" );  
   
http.setResponseBody( $response );

But I still get a blocked message showing up when I go to a VS that is doing SSL Decryption.

 

If a go to a site that is NOT using SSL Decryption I don't get any warnings that "Only secure content is being displayed"

 

Still something missing either in the response script or a setting somewhere.

 

Anyone else running into this?

 

 

Brocadian
Posts: 1
Registered: ‎08-02-2010

Re: SSL Decryption

[ Edited ]

Hello,

 

your script only looks for Content Type "text/html".

 

Maybe your server returns e.g. the XHTML content types, so the script would not activate?

-> http://www.w3.org/TR/xhtml-media-types/#media-types

 

Maybe you check in our browser (F12 developer tools, etc.), what content type your server is responding with, could be

application/xhtml+xml or application/xml as well.

 

Then add a log.info() command at the end with some debug notes, so you can be sure, that your script actually is active, as you can see the log in the vTM event log.

 

I also would limit the search/replace string to e.g. "http://www.example.com", including the hostname, because your script replaces *every* "http://", also the ones pointing to external sites, so the script replaces way too much.

 

J.Luksch

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.