Forum Discussion

SugarsB's avatar
SugarsB
Icon for Nimbostratus rankNimbostratus
Jul 28, 2022

Assistance with an iRule

Good day

I need assistance with an iRule that can read the current time, add that as a timestamp and encrypt it in the header.

Regards

  • Interesting challenge. Try this?

     

    when RULE_INIT {
      set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c"
      set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e"
    }
    
    when HTTP_REQUEST_SEND {
      set time [clock seconds]
      set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static:iv $time]
      HTTP::header remove SECRETTIME
      HTTP::header insert SECRETTIME [b64encode $encryptedtime]
    }

     

    You can test it like by applying this rule to a test VIP:

    when RULE_INIT {
      set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c"
      set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e"
    }
    
    when HTTP_REQUEST {
      set time [clock seconds]
      set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static::iv $time]
      HTTP::respond 200 SECRETTIME [b64encode $encryptedtime]
    }

    And then test decrypting with curl and openssl:

    curl -sI <ip> | grep SECRETTIME | awk '{print $2}' | openssl enc -a -d -aes-128-cbc -K fc2ed2bf490ad801c04ccd46b9d85b0c -iv 7e2fe021d573c0eedd93c4b2704b1b3e

    Edit, made key + iv static to avoid being shamed by the iRules community.
    Edit2: Added an example and changed to 32 bit hex key to follow the spec. F5 accepts 16 but openssl does not accept it.

     

     

    • Patrik_Jonsson's avatar
      Patrik_Jonsson
      Icon for MVP rankMVP

      Forgot how fun it is to be challenged by technical questions in the Devcentral forum. Too bad coding, work and kids takes up too much time. 🤔

      • LiefZimmerman's avatar
        LiefZimmerman
        Icon for Admin rankAdmin

        I hear ya Patrik! It's hard to maintain balance. Thanks for the assist!

        And SugarsB - if this solved your problem clicking Accept as Solution will give at least one of Patrik's kids a cookie. 🍪

        Cheers.

  • Thanks for helping out Patrik! We REALLY appreciate your help, support and participation!  🙂