Forum Discussion
NimbostratusInsert multiple Public-Key-Pins with iRule
I'm trying to insert multiple public-key-pins using an iRule in LTM 12. Currently, I can get it to work and pass the Qualys test when using a single key with the following code:
HTTP::header insert "Public-Key-Pins" pin-sha256="hash goes here"
When I try to add more than one key in the line, I either get LTM errors with syntax or it fails the Qualys test due to it being presented incorrectly thru the header. The code I've been trying looks like this:
HTTP::header insert "Public-Key-Pins" "pin-sha256='hash 1 goes here'; pin-sha256='hash 2 goes here'; pin-sha256='hash 3 goes here'"
The F5 will accept that code, but again, it is presented wrong in the header. I've also tried multiple insert lines and setting each has as a variable, then writing the insert using variables to try to overcome the single vs double quotes which, in my mind, seems to be the issue.
I'm kind of new to writing iRules, so any help in making this work would be appreciated.
Thanks!
2 Replies
- Kai_Wilke
MVP
Hi Kyle,
you have to either
or\
escape the double-quote characters to become a part of the{}
parameter strings...HTTP::headerHTTP::header insert "Public-Key-Pins" "pin-sha256=\"hash 1 goes here\"; pin-sha256=\"hash 2 goes here\"; pin-sha256=\"hash 3 goes here\""... or ...
HTTP::header insert "Public-Key-Pins" {pin-sha256="hash 1 goes here"; pin-sha256="hash 2 goes here"; pin-sha256="hash 3 goes here"}Note: The first example allows you to substitute certain
or[commands]
to the string. The later example didn't allow any kind of substitution.$variablesCheers, Kai
Tarik_B_Hi Guys,
I'm a junior and quite new on F5 LTM/ASM and still not usual with iRules and scripting. That's why I wanted to ask you if it is possible for you to copy paste the complete iRule to allow me to use the key pinning.
Note: I'm using version 11.5.3
Thanks in advance.
DgLiNGo
