Encrypting Cookies through F5 using iRules
Referenced from https://devcentral.f5.com/wiki/irules.EncryptingCookies.ashx
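when CLIENT_ACCEPTED {
    # Per-connection settings read by the HTTP_RESPONSE and HTTP_REQUEST
    # handlers below.

    # AES key used to encrypt and decrypt the cookie. Valid key lengths are
    # 128, 192, or 256 bits, written using only HEX characters.
    # NOTE(review): the value below is a published sample key. Generate a
    # unique random key for each deployment; anyone who knows the key can
    # decrypt the cookie or produce values this rule will accept. A key kept
    # in the iRule text is also readable by everyone who can view the
    # configuration or its backups.
    set aes_key "AES 128 63544a5e7178677b45366b41405f2dab"

    # Name of the cookie to encrypt/decrypt.
    # (A space is required between the variable name and its value.)
    set cookie "myCookie"

    # Log debug messages to /var/log/ltm? 1=yes, 0=no.
    # With debugging on, the handlers write the cleartext cookie value to
    # the log, so leave this at 0 outside of troubleshooting.
    set cookie_encryption_debug 0
}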
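when HTTP_RESPONSE {
    # Encrypt the configured cookie before the response reaches the client.
    # Uses $cookie, $aes_key and $cookie_encryption_debug set in CLIENT_ACCEPTED.
    set plain_value [HTTP::cookie value $cookie]

    # Only act when the application actually set the cookie to a non-empty value
    if {[string length $plain_value] > 0} {

        # Debug only: this writes the cleartext cookie value to the log
        if {$cookie_encryption_debug} {
            log local0. "Response from app contained our cookie: $plain_value"
        }

        # Encrypt, then URI-encode so the result can be carried as a cookie value.
        # NOTE(review): the intent is that the client cannot change the value;
        # confirm against the F5 documentation for the running version that
        # AES::encrypt output is integrity-protected, because encryption alone
        # does not guarantee that a modified value is detected.
        set protected_value [URI::encode [AES::encrypt $aes_key $plain_value]]
        HTTP::cookie value $cookie $protected_value

        # Log the value that was actually sent. Re-reading the cookie and
        # encrypting it again here would log a double-encrypted string that
        # never appears on the wire.
        if {$cookie_encryption_debug} {
            log local0. "Encrypted error cookie to: $protected_value"
        }
    }
}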
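when HTTP_REQUEST {
    # Decrypt the configured cookie before the request reaches the application.
    # Uses $cookie, $aes_key and $cookie_encryption_debug set in CLIENT_ACCEPTED.
    set received_value [HTTP::cookie value $cookie]

    # If the cookie exists with any value, for any requested object, try to decrypt it.
    # When the cookie is absent or empty there is nothing to do.
    if {[string length $received_value]} {

        if {$cookie_encryption_debug} {
            log local0. "Original error cookie value: $received_value"
        }

        # Stays empty unless both the URI decode and the decryption succeed
        set cookie_decrypted ""

        # URI decode the value, catching any error raised by malformed input
        if {[catch {URI::decode $received_value} cookie_uri_decoded]} {
            if {$cookie_encryption_debug} {
                log local0. "Cookie value couldn't be URI decoded"
            }
        } else {
            if {$cookie_encryption_debug} {
                log local0. "\$cookie_uri_decoded was set successfully"
            }
            # On error, catch stores the error message in the result variable;
            # reset it so an error string is never mistaken for cleartext.
            if {[catch {AES::decrypt $aes_key $cookie_uri_decoded} cookie_decrypted]} {
                set cookie_decrypted ""
            }
        }

        # NOTE(review): confirm on the target version whether AES::decrypt
        # raises an error or returns an empty string for a value it cannot
        # decrypt; both are treated as failure here. The response handler only
        # encrypts non-empty values, so an empty result is never legitimate.
        if {[string length $cookie_decrypted]} {
            # Debug only: this writes the cleartext cookie value to the log
            if {$cookie_encryption_debug} {
                log local0. "\$cookie_decrypted: $cookie_decrypted"
            }
            # Hand the application the cleartext value it originally set.
            # Without this write-back the decrypted value is discarded and the
            # application receives the encrypted string.
            HTTP::cookie value $cookie $cookie_decrypted
        } else {
            # The value was not produced by this rule (modified, forged, or
            # encrypted under a different key). Drop it so the application
            # never consumes a client-supplied value that failed validation.
            if {$cookie_encryption_debug} {
                log local0. "Cookie value couldn't be decrypted; removing it from the request"
            }
            HTTP::cookie remove $cookie
        }
    }
}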