vADC Forum

Occasional Contributor
Posts: 5
Registered: ‎08-26-2015
Accepted Solution

SSL decrypt with mixed content


I thought I had this one solved but it appears not.

I found some older posts on the forum from @owen that talk about how to do SSL decryption.

For simple sites it works fine:

Setup : http://community.brocade.com/t5/vADC-Forum/Stingray-with-SSL-encryption/m-p/72603#U72603

Response Rule : http://community.brocade.com/t5/vADC-Docs/HowTo-Rewriting-HTTP-responses/ta-p/73946

I have a test WordPress site set up for testing (vTM SSL Decrypt with an Apache backend).

I get mixed content errors and broken links (CSS won't load, etc.).

If I generalize the Response Rule to just handle http:// -> https:// it does work (CSS works, images load) but it impacts EVERYTHING that is HTTP. For example, any content posted on the site as a link is rewritten as https even if the site is not.

I've tried more specific rules to limit what is transformed from http -> https but as customers work with a site and add content, plugins etc., the rule will constantly need to be updated to catch all.

I've searched the forum for anything that might point me in the right direction and I'm currently at a loss.

help...

Brocadian
Posts: 103
Registered: ‎04-22-2015

Re: SSL decrypt with mixed content

Hello, without seeing the detail of the HTML before/after, it is hard to tell which part of your HTTP rewriting rule is not working. I saw an earlier message from JLuksch which suggested narrowing the search to a specific string (rather than just Content Type "text/html") but I guess you tried that?

Can you provide details of the specific rules you have tried, and the before/after output?

If you prefer, send via PM.

Brocadian
Posts: 17
Registered: ‎05-22-2015

Re: SSL decrypt with mixed content

Hello,

WordPress can be configured to detect SSL offload by checking for the presence of an HTTP header. If you use this approach, then WordPress should generate pages which use the appropriate protocol automatically. This will avoid you needing to rewrite the page body. The standard header to use for this is X-forwarded-proto, which can be injected by setting add_x_forwarded_proto == "yes" under vserver -> Protocol Settings (vTM 11.0) or vserver -> Connection Management (vTM <= 10.4). The WordPress support site details the WordPress changes required here:

https://wordpress.org/support/topic/wordpress-behind-a-reverse-proxyssl-endpoint-slightly-borked

Alternatively, if you want to do the response rewriting, then you could create a hash of the local hostnames that need to be rewritten and check for "http://<name>", so that you ignore links to non-local content. Or you could use a regex to ensure you only rewrite links to page furniture, but then hyperlinks ("<a href") would remain unchanged. A combination of the two might work:

# Stylesheets and other <link> resources
$body = string.regexsub($body, "(<link[^>]*?href=\"http)://", "$1s://","g");
# Scripts and images
$body = string.regexsub($body, "(<(script|img)[^>]*?src=\"http)://", "$1s://","g");
# Hyperlinks, but only those pointing at the local site
$body = string.regexsub($body, "(<a [^>]*?href=\"http)(://www.mysite.com)", "$1s$2", "g");

Cheers,

Mark
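Added example, not part of the original post and not TrafficScript: a Python model of the combined approach described above, where http:// is upgraded only inside href/src attributes of link, script, img and a tags and only when the host is in a local-hostname set. The LOCAL_HOSTS values, the function names and the sample page are assumptions constructed for illustration.

```python
import re

# Assumption: hostnames that are served through the SSL-decrypting virtual server.
LOCAL_HOSTS = {"www.mysite.com", "static.mysite.com"}

# Match an http:// URL only when it is the value of href/src on one of these tags.
# Group 1 is everything up to the opening quote, group 2 is the hostname.
ATTR_URL = re.compile(
    r'(<(?:link|script|img|a)\b[^>]*?\b(?:href|src)=["\'])http://([^/"\'\s>:]+)',
    re.IGNORECASE,
)

def should_rewrite(content_type):
    """Only HTML bodies are candidates; images, JSON and downloads are left alone."""
    return content_type.split(";")[0].strip().lower() == "text/html"

def upgrade_local_links(body, local_hosts=LOCAL_HOSTS):
    """Rewrite http:// to https:// for local hosts; links to other sites stay as-is."""
    def repl(match):
        host = match.group(2)
        scheme = "https" if host.lower() in local_hosts else "http"
        return f"{match.group(1)}{scheme}://{host}"
    return ATTR_URL.sub(repl, body)

# Constructed sample page: local page furniture, a local link, an external
# HTTP-only link, and a URL typed into visible text.
SAMPLE = (
    '<link rel="stylesheet" href="http://www.mysite.com/wp-content/style.css">\n'
    '<script src="http://static.mysite.com/app.js"></script>\n'
    '<img src="http://www.mysite.com/logo.png">\n'
    '<a href="http://www.mysite.com/about">About</a>\n'
    '<a href="http://partner.example.org/">Partner (HTTP only)</a>\n'
    '<p>Plain text mentioning http://www.mysite.com/ stays as typed.</p>\n'
)

if __name__ == "__main__":
    if should_rewrite("text/html; charset=UTF-8"):
        print(upgrade_local_links(SAMPLE))
```

With either approach, the backend should accept X-Forwarded-Proto only from the traffic manager, since a client that can reach the backend directly can set the header itself.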

 

 

 

Occasional Contributor
Posts: 5
Registered: ‎08-26-2015

Re: SSL decrypt with mixed content

Mark,

The WordPress support article along with the add_x_forwarded_proto worked like a charm.

Thank you for all your help!

Peter
