View all questions & answers for the F5 BIG-IP LTM Specialist: Maintain and Troubleshoot (301b) Exam Materials exam


Question 70 Discussion

An LTM Specialist finds that a web page load balanced by an LTM device displays the following browser warning: "This page contains insecure content." When browsing to the web server directly this warning is NOT present. ltm virtual VS_HTTP { destination ip-protocol tcp mask 255.255.255.255 pool http_pool profiles { client_ssl_profile { context clientside } http { } tcp { } } source 0.0.0.0/0 source-address-translation { type automap } vlans-disabled } ltm pool http_pool { members { HTTP { address } } } Trace captured to the virtual server $ curl http://www.example.com <!DOCTYPE html> <html> <body> <h2>Click Here For Support</h2> <img src="http://image.example.com/images/support.jpg" alt="Support Button"> </body> </html> Trace captured direct to the web server $ curl https://www.example.com <!DOCTYPE html> <html> <body> <h2>Click Here For Support</h2> <img src="https://image.example.com/images/support.jpg" alt="Support Button"> </body> </html> Which step should the LTM Specialist take to resolve the web browser warning message? (Choose one answer)

  • A. Apply a trusted SSL certificate to the clientssl profile.
  • B. Apply an iRule with HTTP_REQUEST to redirect http to https.
  • C. Apply an iRule with HTTP_RESPONSE to rewrite http links to https.
  • D. Apply a serverssl profile to the Virtual Server.
Correct Answer: A

Brave-Dump Clients Votes

C 100%

Comments



LEONARDO EMANOEL OLIVEIRA 2026-03-04 19:58:37

Selected Answers: C


The correct answer is:
C. Apply an iRule with HTTP_RESPONSE to rewrite http links to https.
Explanation
- The browser warning “This page contains insecure content” appears when a secure HTTPS page includes elements loaded over HTTP, such as images, scripts, or stylesheets.
- In this case, the image is loaded via http://image.example.com/... when accessed through the LTM virtual server.
- However, when accessing the web server directly via HTTPS, the image link is https://image.example.com/..., which avoids the warning.
This mismatch is due to the LTM virtual server terminating SSL (via the clientssl profile) but forwarding traffic to the backend over HTTP. The server responds with absolute HTTP links, which the browser flags as insecure.
Why the other options are incorrect:
- A. Apply a trusted SSL certificate → The certificate isn’t the issue; the warning is about mixed content.
- B. Redirect HTTP to HTTPS → That would help if the client was accessing the site over HTTP, but the issue is with content inside an HTTPS page.
- D. Apply a serverssl profile → That would encrypt traffic between LTM and the backend, but it doesn’t rewrite the content.
Solution:
Use an iRule like this:
when HTTP_RESPONSE {
if {[HTTP::header Content-Type] contains "text/html"} {
HTTP::payload replace "http://" "https://"
}
}


This rewrites insecure links in the response payload to HTTPS, eliminating the browser warning.
Would you like help crafting a more targeted iRule that only rewrites specific domains or content types? That can help avoid unintended rewrites.