Cisco ACE - Unsecured links

networker99
Level 1

I am currently testing a website for a new application. Currently the SSL is being performed on the load balancer (SSL offloading, talking unencrypted to the back end web server) and it is securing the entire site. So anyone going to http://www.mytestsite.com gets redirected to https://www.mytestsite.com

When using the application some users are experiencing some pages displaying an IE warning that the page requested references some insecure links. Now my thinking is this is happening because the load balancer secures the connection between the client and the load balancer, and it is securing pages served up by the web server, however if these webpages contain links within their code to unsecured content (i.e. an image contained on another server) the load balancer is not responsible for adjusting this link within the code and this is what IE is referencing in its warning message (as IE does not know it will be redirected by the load balancer when retrieving this content).

Does this sound correct? Or do I sound way off?

For the solution I am proposing the webserver itself determine which content should be secured (still allowing the load balancer to secure it) as it may be content that does not need to be secured, or have the links reference https connections.

Accepted Solutions

Surya ARBY
Level 4

The HTTP to HTTPS redirection is correct.

The only caveat associated with that is the case where your application contains hardcoded "http://" links, because you come in https but the secure page contains unsecure (http:// - clear text) content.

The only production-ready workaround to that is to rewrite the payload of the page to change the pattern "http://" to "https://" but the ACE doesn't offer this feature, some other products can...

Thank you, so I am correct in my thinking?

Yes.
