Forum Discussion

mzahir_65368's avatar
mzahir_65368
Icon for Altostratus rankAltostratus
Jun 17, 2011

Decrypt AES Cookie outside of the load balancer

Hello,     Whenever we see issues with a particular application server, our QA team decodes the F5 cookie to isolate the problematic server. However, after we implemented the encryption of the F...
application delivery
dev
devops
iRules
spark_86682's avatar
spark_86682
Historic F5 Account
Jun 21, 2011
Could you elaborate on what didn't work for you? The following works for me using iRule encryption: 
profile persist my_cookie {
   defaults from cookie
   cookie mode insert
   cookie name "pcookie"
}
rule my_rule {
  when HTTP_REQUEST {
     HTTP::cookie decrypt pcookie "mypassphrase"
     if { [HTTP::uri] == "/cookiedecrypter" } {
       HTTP::respond 200 content "Your cookie decrypted to: [HTTP::cookie value pcookie]"
       return
     }
  }
  when HTTP_RESPONSE {
     HTTP::cookie encrypt pcookie "mypassphrase"
  }
}
virtual http_vip {
   pool http_pool
   destination 10.3.3.127:http
   ip protocol tcp
   persist my_cookie
   rules my_rule
   profiles {
      http {}
      tcp {}
   }
}
Here's some sample output: 
[root@v9dev1 root] telnet 10.3.3.127 80
Trying 10.3.3.127...
Connected to 10.3.3.127 (10.3.3.127).
Escape character is '^]'.
GET /cookiedecrypter HTTP/1.1
Host: foobarbaz
Cookie: pcookie=VjGAtYnPEtZUVxw/wVjg5d+fhs8e3MdS5FeP0Z7BOsQEWOSVH4C2fInFFaQB4T62plOUIBp3H1vEytw=

HTTP/1.0 200 OK
Server: BigIP
Connection: Keep-Alive
Content-Length: 47

Your cookie decrypted to: 3355509002.13173.0000