svs
Feb 15, 2017Cirrus
iRule Optimization
Hi Folks, a customer is using an iRule, which logs full POST requests, including the passwords of a login in cleartext. He asked me to masquerade the password. Unfortunately I didn't found an eas...
Hi svs,
you may try the iRule below. The password masking code function should run ~ 3-times faster then yours and also contains extended error handlings.
when RULE_INIT {
set static::user_password_match "&password="
set static::user_password_match_len [string length $static::user_password_match]
}
when HTTP_REQUEST {
define input data
set data "POST /some_login HTTP/1.1\r\nHost: login.example.com\r\nAccept: */*\r\nContent-length: 65\r\nContent-Type: application/x-www-form-urlencoded\r\n\r\nusername=some_user&password=Thi`isMyHig!S%xcu)eP,ssword&parmX=1&parmY=2&parmZ=3"
parse input data
set data_new [substr $data 0 $static::user_password_match]
if { [string length $data] != [string length $data_new] } then {
set data_remain [findstr $data $static::user_password_match $static::user_password_match_len]
if { $data_remain contains "&" } then {
append data_new "$static::user_password_match[string repeat "*" [string length [substr $data_remain 0 "&"]]][findstr $data_remain "&" 0]"
} else {
append data_new "$static::user_password_match[string repeat "*" [string length $data_remain]]"
}
}
debug log
log local0.debug "Request: $data"
log local0.debug "User password is: [substr $data_remain 0 "&"]"
log local0.debug "Masked password is: [string repeat "*" [string length [substr $data_remain 0 "&"]]]"
log local0.debug "Request (masked): $data_new"
}
Cheers, Kai