- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2017 01:37 AM
We installed a new instanec on premise on our cloud environment. However when I try to login I get "This page is trying to load scripts from unathenticated sources" In detailed exploration I find
"Mixed Content: The page at 'https://xxx.yyy.com/' was loaded over HTTPS, but requested an insecure form action 'http://xxx.yyy.com/login_redirect.do?sysparm_stack=no'. This request has been blocked; the content must be served over HTTPS."
We use load balancer for SSL ofloading 302 redirect (http request s redirectted to https)
Is there something wrong in load balancer configuration or should I try it to solve in the instance properties?
Thanks in Advance,
í–zgür
Solved! Go to Solution.
- Labels:
-
Security Operations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2017 06:42 AM
The problem lies Load balancer's 302 redirect rule. The rule below should be added to load balancer:
when HTTP_RESPONSE {
if { [HTTP::is_redirect] } {
if { [string tolower [URI::host [HTTP::header Location]]] conta
ins "<yourdomain.com>" and [URI::protocol [HTTP::header Location]] equals "http"
} {
HTTP::header replace Location [string replace [HTTP::he
ader Location] 0 3 https]
}
}
}
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2017 02:11 AM
It looks like not all URLs are https:// enabled - so the browser is giving a warning that plain-text content is being requested for an encrypted session.
Flag it up to the team that did the on-premise installation - they should be able to fix the issue.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2017 03:33 AM
I did the on premise installation, so that I should fix it. However I only do the steps described in "ServiceNow KB Deployment Guide (KB0563731).pdf" document. It looks like an load balancer issue, it exists after load balancer 302 redirect configuration, but I should prove it.
Regards,
í–zgür
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-15-2017 06:42 AM
The problem lies Load balancer's 302 redirect rule. The rule below should be added to load balancer:
when HTTP_RESPONSE {
if { [HTTP::is_redirect] } {
if { [string tolower [URI::host [HTTP::header Location]]] conta
ins "<yourdomain.com>" and [URI::protocol [HTTP::header Location]] equals "http"
} {
HTTP::header replace Location [string replace [HTTP::he
ader Location] 0 3 https]
}
}
}