Forum Discussion

Jeyakumar_Nadar's avatar
Jeyakumar_Nadar
Icon for Nimbostratus rankNimbostratus
Mar 13, 2006

Cookie encryption/decryption using iRule

Hello,     I am trying to write a script that will encrypt/decrypt a cookie, but am having a little trouble with the syntax used in the BIG-IP. I need to check to make sure that a cookie is...
application delivery
dev
devops
iRules
Joe_Pruitt's avatar
Joe_Pruitt
Mar 17, 2006
Documentation for "substr" is in the iRules wiki link above. Look on the Commands page and you should find it. If you don't like my solution below, feel free to use the builtin string commands. Check out the TCL reference above as well as it has a lot of string functions that can come in handy.

As for your logic, now that I think about it, I would probably just encrypt the cookie, insert the encrypted cookie with a new name "emycookie", and remove the original mycookie. This way you can determine from the cookie name whether it's incrypted as opposed to the contents.

when RULE_INIT {
  set ::cookieKey [AES::key]
}
when HTTP_RESPONSE {
  if { [HTTP::cookie exists "mycookie" } {
    set decrypted [HTTP::cookie "mycookie"]
    HTTP::cookie remove "mycookie"
    set encrypted [b64encode [AES::encrypt $::cookieKey $decrypted]]
    HTTP::cookie insert name "emycookie" value $encrypted
  }
}
when HTTP_REQUEST {
  if { [HTTP::cookie exists "emycookie" } { 
    set encrypted [HTTP::cookie "emycookie"]
    HTTP::cookie remove "emycookie"
    set decrypted [AES::decrypt $::cookieKey [b64decode $encrypted]]
    HTTP::cookie insert name "mycookie" value $decrypted
  }
}

I've added a couple of extra sanity checks in there to look for cookie existence and such.

Hope this helps...

-Joe