Forum Discussion

Ashish_Chakrava's avatar
Ashish_Chakrava
Icon for Nimbostratus rankNimbostratus
Jun 01, 2016
Solved

Cookie encryption on LTM

Hi All,

 

My Query is related to securing cookie from LTM. I know two ways, First by irule and second from creating new http profile and enable cookie Passphrase (Correct me if i am wrong). I want to know the mechanism from LTM side. How LTM securing cookie when i am enabling the options.

 

Thanks Ashish

 

  • Hi,

     

    either using an irule or an http profile, the passphrase allow you to encrypt using AES algorithm. It's the same mecanism to encrypt persistence cookies.

     

    When using irules, you can use the embedded command or define your own algorithm.

     

5 Replies

  • Hi,

     

    either using an irule or an http profile, the passphrase allow you to encrypt using AES algorithm. It's the same mecanism to encrypt persistence cookies.

     

    When using irules, you can use the embedded command or define your own algorithm.

     

  • Hi,

     

    either using an irule or an http profile, the passphrase allow you to encrypt using AES algorithm. It's the same mecanism to encrypt persistence cookies.

     

    When using irules, you can use the embedded command or define your own algorithm.

     

  • Hello,

    More information in the following article (explanation, profile creation, ...):

    https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14784.html

    This following article explain and provide you explanation and Irule for cookie encryption:

    http://www.thef5guy.com/blog/2010/01/cookie-encryption-using-an-irule/

    when RULE_INIT {
     set ::key [AES::key 128]
     }
     when HTTP_RESPONSE {
     set decrypted [HTTP::cookie "MyCookie"]
     HTTP::cookie remove "MyCookie"
     set encrypted [b64encode [AES::encrypt $::key $decrypted]]
     HTTP::cookie insert name "MyCookie" value $encrypted
     }
     when HTTP_REQUEST {
     set encrypted [HTTP::cookie "MyCookie"]
     HTTP::cookie remove "MyCookie"
     set decrypted [AES::decrypt $::key [b64decode $encrypted]]
     HTTP::cookie insert name "MyCookie" value $decrypted
     }