Forum Discussion
SugarsB
Nimbostratus
NimbostratusAssistance with an iRule
Good day I need assistance with an iRule that can read the current time, add that as a timestamp and encrypt it in the header. Regards
Interesting challenge. Try this?
when RULE_INIT {
set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c"
set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e"
}
when HTTP_REQUEST_SEND {
set time [clock seconds]
set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static:iv $time]
HTTP::header remove SECRETTIME
HTTP::header insert SECRETTIME [b64encode $encryptedtime]
}
You can test it like by applying this rule to a test VIP:
when RULE_INIT {
set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c"
set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e"
}
when HTTP_REQUEST {
set time [clock seconds]
set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static::iv $time]
HTTP::respond 200 SECRETTIME [b64encode $encryptedtime]
}And then test decrypting with curl and openssl:
curl -sI <ip> | grep SECRETTIME | awk '{print $2}' | openssl enc -a -d -aes-128-cbc -K fc2ed2bf490ad801c04ccd46b9d85b0c -iv 7e2fe021d573c0eedd93c4b2704b1b3eEdit, made key + iv static to avoid being shamed by the iRules community.
Edit2: Added an example and changed to 32 bit hex key to follow the spec. F5 accepts 16 but openssl does not accept it.
Forgot how fun it is to be challenged by technical questions in the Devcentral forum. Too bad coding, work and kids takes up too much time. 🤔
- LiefZimmerman
Admin
I hear ya Patrik! It's hard to maintain balance. Thanks for the assist!
And SugarsB - if this solved your problem clicking Accept as Solution will give at least one of Patrik's kids a cookie. 🍪
Cheers.
