force https?

155 views
Skip to first unread message

dave....@gmail.com

unread,
May 18, 2016, 9:29:58 AM5/18/16
to Guide on the Side discussion
Hello,

I have GotS working great on campus.   However, off campus isn't going so well.
Our infosec people have the server behind our F5, and are forcing https, due to the login page.

Needless to say, it kills all the CSS, and other files, as it won't serve them over http.
Not sure if there is a way to flip the whole site into a secure https mode, or I should be asking the server team or infosec to do something else for me.

If I look at the page errors, they are like this:

Mixed Content: The page at 'https://gots.server.edu/guide_on_the_side/' was loaded over HTTPS, but requested an insecure script 'http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js'. This request has been blocked; the content must be served over HTTPS.

Mixed Content: The page at 'https://gots.server.edu/guide_on_the_side/' was loaded over HTTPS, but requested an insecure script 'http://gots.server.edu/guide_on_the_side/js/jquery-1.7.2.min.js'. This request has been blocked; the content must be served over HTTPS.

Thanks for any suggestions

William Simpson

unread,
Aug 9, 2016, 12:10:12 PM8/9/16
to Guide on the Side discussion
Hi Dave,

Sorry to hear that!  We've gotten some other reports of people having issues with F5, but since we don't have that piece of hardware it's a bit hard for us to troubleshoot.  The problem seems to be that F5 causes PHP to report that it's not using HTTPS, which messes up the way CakePHP (and in turn Guide on the Side) figure out how to serve the appropriate assets.  

I've seen some discussion of this problem elsewhere (https://devcentral.f5.com/questions/incorrect-php-server-variables-when-redirecting-to-https-with-irules).  The folks at Lullabot have a solution that involves setting a custom header insert (https://www.lullabot.com/articles/setting-up-ssl-offloading-termination-on-an-f5-bigip-load-balancer) but I think we'd have to add some application logic to appropriately deal with that.

In the meantime, you could try editing app/Config/core.php in your Guide on the Site installation and adding something like:

Configure::write('App.fullBaseUrl', "https://example.com/guide_on_the_side/");

Let me know if that helps at all!

-Will


Reply all
Reply to author
Forward
0 new messages