Forum Discussion
Assistance with an iRule
Good day
I need assistance with an iRule that can read the current time, add that as a timestamp and encrypt it in the header.
Regards
Thanks for helping out Patrik! We REALLY appreciate your help, support and participation! 🙂
Interesting challenge. Try this?
when RULE_INIT { set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c" set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e" } when HTTP_REQUEST_SEND { set time [clock seconds] set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static:iv $time] HTTP::header remove SECRETTIME HTTP::header insert SECRETTIME [b64encode $encryptedtime] }
You can test it like by applying this rule to a test VIP:
when RULE_INIT { set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c" set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e" } when HTTP_REQUEST { set time [clock seconds] set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static::iv $time] HTTP::respond 200 SECRETTIME [b64encode $encryptedtime] }
And then test decrypting with curl and openssl:
curl -sI <ip> | grep SECRETTIME | awk '{print $2}' | openssl enc -a -d -aes-128-cbc -K fc2ed2bf490ad801c04ccd46b9d85b0c -iv 7e2fe021d573c0eedd93c4b2704b1b3e
Edit, made key + iv static to avoid being shamed by the iRules community.
Edit2: Added an example and changed to 32 bit hex key to follow the spec. F5 accepts 16 but openssl does not accept it.Forgot how fun it is to be challenged by technical questions in the Devcentral forum. Too bad coding, work and kids takes up too much time. 🤔
I hear ya Patrik! It's hard to maintain balance. Thanks for the assist!
And SugarsB - if this solved your problem clicking Accept as Solution will give at least one of Patrik's kids a cookie. 🍪
Cheers.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com