Help
FortiWeb
A FortiWeb can be configured to join a Security Fabric through the root or downstream FortiGate.
hassanm
Staff
Staff

Created on ‎10-31-2023 08:25 AM Edited on ‎10-31-2023 08:32 AM By Moderator

Article Id 282156

Troubleshooting Tip: Issues with mixed content with FortiWeb

Description

 

This article describes issues that may occur if FortiWeb VS is using HTTPS only. All active mixed content delivered via HTTP on these pages will be blocked by default. Consequently, the website may appear broken to users (if iframes or plugins do not load, etc.).

 

Scope

 

FortiWeb.

 

Solution

 

In the following scenario, communication between FortiWeb and both client/backend servers is over HTTPS: Client (HTTPS) > FortiWeb VIP > (HTTPS) Real Server.

 

While the server page needs to load some components over HTTP:

 

2023-10-31 15_41_41-http___vip1.internal.lab_mixed.html — Mozilla Firefox.png

 

Consequently, the content is blocked and a mixed block error appears:

 

Picture1.png

 

To fix this issue, use one of the following methods:

 

  • Content Security Policy: It is possible to use header security policy -> content security policy -> upgrade-insecure-requests. This will instruct the user-agent to modify all URLs with HTTP 'insecure' to send requests using HTTPS.

 

Picture2.png

 

  • Rewrite rule: Go to Application Delivery -> URL Rewriting and select the URL Rewriting Rule tab. This would replace any 'HTTP' with 'HTTPS' in the body of the backend server response.

Picture3.png

After making these changes, all page content will load with no errors:

Picture4.png

999
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.