Forum Discussion
JPcaceresMorale
Nimbostratus
NimbostratusCrypto irule cpu consumption
Hi all,
I have an irules to decrypt all http payload request and other to encrypt all http payload response, it works perfectly, but the CPU consumption of TMM is very high. Anyone have experien...
JPcaceresMoraleNimbostratus
Nimbostratuswhen RULE_INIT {
set static::hexkey "xxxxxxxxxxxxxxxxx"
log local0.info"====Rule_Init===="
log local0.info "Key is $static::hexkey"
log local0.info"================="
}
when HTTP_REQUEST {
HTTP::header remove "Accept-Encoding"
if { [HTTP::version] eq "1.1" } {
if { [HTTP::header is_keepalive] } {
HTTP::header replace "Connection" "Keep-Alive"
}
HTTP::version "1.0"
}
if {[HTTP::method] != "OPTIONS"}{
if {! ([HTTP::uri] starts_with "/xxxx/claims/v1/xxxxxx") }{
if { !([HTTP::uri] starts_with "/xxx/v1/xxxxxxx") }{
Trigger collection for up to 1MB of data
if {[HTTP::header "Content-Length"] ne "" && [HTTP::header "Content-Length"] <= 1048576}{
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 1048576
}
Check if $content_length is not set to 0
if { $content_length > 0} {
HTTP::collect $content_length
}
}
}
}
}
when HTTP_REQUEST_DATA {
if {[HTTP::method] != "OPTIONS"}{
if {! ([HTTP::uri] starts_with "/xxxx/claims/v1/xxxxxx") }{
if { !([HTTP::uri] starts_with "/xxx/v1/xxxxxxx") }{
log local0.info [HTTP::uri]
set iv "xxxxxxxxxx"
set paiload [HTTP::payload]
log local0.info "payload: $paiload"
set payload_without_json [string map {\{ {} \} {} \[ {} \] {} \" {} set {} value {} \: {}} $paiload]
log local0.info "sin json: $payload_without_json"
set text_to_decrypt [b64decode $payload_without_json]
log local0.info "dato encriptado: $text_to_decrypt"
set dec_out_no_binary [CRYPTO::decrypt -alg aes-128-cbc -keyhex $static::hexkey -ivhex $iv $text_to_decrypt]
binary scan $dec_out_no_binary H* enc_hex
log local0.info "dato desencriptado: $dec_out_no_binary"
HTTP::payload replace 0 [HTTP::payload length] $dec_out_no_binary
HTTP::release
}
}
}
}