Encrypt URL's and querystrings

Question

I know about the SSN and credit card scrubber, but is it possible to search the payload for http href's and replace them with an encrypted string them decrypt it on the way back in.&nbsp;
&nbsp;We have some info in our querystrings that we would like to hide using the loadbalancer until the development staff can make the appropriate change to the code.&nbsp;
&nbsp;Any help would be greatly appreciated.&nbsp;
&nbsp;Thanks,
&nbsp;Eric

hoolio · Answer

Hi,&nbsp;
&nbsp;You should be able to use the credit card scrubber rule (Click here) as an example for inspecting and replacing the HTTP response content.   You could search for the URLs/URIs in the response content and use the AES functions (Click here) to encrypt the content.  On subsequent responses, you could use HTTP::header or HTTP::uri to decrypt the strings.&nbsp;
&nbsp;If there is sensitive data in the HTTP response headers, you would need to en/decrypt that seperately using the HTTP::header functions (Click here).&nbsp;
&nbsp;Try starting with this and repost with any questions.&nbsp;
&nbsp;Aaron

tom_spector_50 · Answer

Please note that this would work provided there is no client side logic that uses these links or information in these links.

Forum Discussion

Encrypt URL's and querystrings

Recent Discussions

Oracle JDBC SSL Termination failing on F5

APM for banner and cert

An Irule for Client Ssl Profile that Allows Unassigned TLS Extension Values (17516)

How to Renew F5 Device Certificate

How to export a list of paired external service providers from APM?

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Load Balancing TCP TLS Encrypted Syslog Messages

Automate Let's Encrypt Certificates on BIG-IP

Encrypting Cookies

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS