Forum Discussion
NimbostratusCookie encryption on LTM
Hi All,
My Query is related to securing cookie from LTM. I know two ways, First by irule and second from creating new http profile and enable cookie Passphrase (Correct me if i am wrong). I want to know the mechanism from LTM side. How LTM securing cookie when i am enabling the options.
Thanks Ashish
Hi,
either using an irule or an http profile, the passphrase allow you to encrypt using AES algorithm. It's the same mecanism to encrypt persistence cookies.
When using irules, you can use the embedded command or define your own algorithm.
5 Replies
Yann_Desmarest_Nacreous
Hi,
either using an irule or an http profile, the passphrase allow you to encrypt using AES algorithm. It's the same mecanism to encrypt persistence cookies.
When using irules, you can use the embedded command or define your own algorithm.
Ashish_Chakravathank you
Yann_DesmarestCirrus
Hi,
either using an irule or an http profile, the passphrase allow you to encrypt using AES algorithm. It's the same mecanism to encrypt persistence cookies.
When using irules, you can use the embedded command or define your own algorithm.
- Ashish_Chakravathank you
youssef1Cumulonimbus
Hello,
More information in the following article (explanation, profile creation, ...):
https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14784.html
This following article explain and provide you explanation and Irule for cookie encryption:
http://www.thef5guy.com/blog/2010/01/cookie-encryption-using-an-irule/
when RULE_INIT { set ::key [AES::key 128] } when HTTP_RESPONSE { set decrypted [HTTP::cookie "MyCookie"] HTTP::cookie remove "MyCookie" set encrypted [b64encode [AES::encrypt $::key $decrypted]] HTTP::cookie insert name "MyCookie" value $encrypted } when HTTP_REQUEST { set encrypted [HTTP::cookie "MyCookie"] HTTP::cookie remove "MyCookie" set decrypted [AES::decrypt $::key [b64decode $encrypted]] HTTP::cookie insert name "MyCookie" value $decrypted }
