Showing results for 
Search instead for 
Did you mean: 

SSL Decryption

Peter Sprokkelenburg
Occasional Contributor

SSL Decryption

In the process of setting up my vTM's to do SSL Decryption websites and moving the certs off my individual backend servers.


Everything is working, except Firefox, Chrome, Edge, IE etc are all showing limited content:


"Some unencrypted elements on this page have been blocked"


Do I need a response script to rewrite the "http://" - > "https://"


The test site is running a default install of wordpress and I've set the wordpress url to the be "https://"


Am I missing something?

Peter Sprokkelenburg
Occasional Contributor

Re: SSL Decryption

Okay so after some digging around I was able to find a script that will rewrite the response headers from http: -> https:


$url = http.getResponseHeader( "Content-Type" );  
if( !string.startsWith( $url, "text/html" ) ) break;  
$response = http.getResponseBody();  
$response = string.replaceAll( $response,   
  "http://", "https://" );  
http.setResponseBody( $response );

But I still get a blocked message showing up when I go to a VS that is doing SSL Decryption.


If a go to a site that is NOT using SSL Decryption I don't get any warnings that "Only secure content is being displayed"


Still something missing either in the response script or a setting somewhere.


Anyone else running into this?



New Contributor

Re: SSL Decryption



your script only looks for Content Type "text/html".


Maybe your server returns e.g. the XHTML content types, so the script would not activate?



Maybe you check in our browser (F12 developer tools, etc.), what content type your server is responding with, could be

application/xhtml+xml or application/xml as well.


Then add a command at the end with some debug notes, so you can be sure, that your script actually is active, as you can see the log in the vTM event log.


I also would limit the search/replace string to e.g. "", including the hostname, because your script replaces *every* "http://", also the ones pointing to external sites, so the script replaces way too much.