Forum Discussion

Nimbostratus

Jun 01, 2016

Solved

Cookie encryption on LTM

Hi All, My Query is related to securing cookie from LTM. I know two ways, First by irule and second from creating new http profile and enable cookie Passphrase (Correct me if i am wrong). I wan...

iRules

LTM

security

Yann_Desmarest_
Jun 01, 2016
Hi,

either using an irule or an http profile, the passphrase allow you to encrypt using AES algorithm. It's the same mecanism to encrypt persistence cookies.

When using irules, you can use the embedded command or define your own algorithm.

youssef1

Cumulonimbus

Jun 01, 2016

Hello,

More information in the following article (explanation, profile creation, ...):

https://support.f5.com/kb/en-us/solutions/public/14000/700/sol14784.html

This following article explain and provide you explanation and Irule for cookie encryption:

http://www.thef5guy.com/blog/2010/01/cookie-encryption-using-an-irule/

when RULE_INIT {
 set ::key [AES::key 128]
 }
 when HTTP_RESPONSE {
 set decrypted [HTTP::cookie "MyCookie"]
 HTTP::cookie remove "MyCookie"
 set encrypted [b64encode [AES::encrypt $::key $decrypted]]
 HTTP::cookie insert name "MyCookie" value $encrypted
 }
 when HTTP_REQUEST {
 set encrypted [HTTP::cookie "MyCookie"]
 HTTP::cookie remove "MyCookie"
 set decrypted [AES::decrypt $::key [b64decode $encrypted]]
 HTTP::cookie insert name "MyCookie" value $decrypted
 }

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)