For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Bob_10976's avatar
Bob_10976
Icon for Nimbostratus rankNimbostratus
Jan 03, 2011

iRule to secure All Cookies...

I would like to setup an iRule that secures all cookies that are traverse a specific VIP. I created the below iRule, and assigned it to the only secure VIP we have but it doesn't seem to be working a...
application delivery
dev
devops
iRules
Chris_Miller's avatar
Chris_Miller
Icon for Altostratus rankAltostratus
Jan 03, 2011
Colin's 20 Lines or Less 18 covers this a bit:

http://devcentral.f5.com/weblogs/cwalker/archive/2008/12/31/20-lines-or-less-18.aspx 


Cookie Encryption Gateway

If you're looking to encrypt/decrypt ALL cookies going in and out of a virtual in one fell swoop, then here's your solution.  Normal configuration of profiles requires you to state each cookie that's going to be encrypted. This iRule allows you to add or remove cookies from your application at will, while always being sure they're going to be secured.

when RULE_INIT {
   Exposed passphrase, but this key can be synchronized to the peer LTM
    set ::passphrase "secret"

   Private passphrase, but it isn't synchronized.  On LTM failover to
   its peer, applications relying on the encrypted cookies will break.
     set ::passphrase [AES::key]
}

when HTTP_REQUEST {
  foreach { cookieName } [HTTP::cookie names] {
    HTTP::cookie decrypt $cookieName ::passphrase
  }
}

when HTTP_RESPONSE {
  foreach { cookieName } [HTTP::cookie names] {
    HTTP::cookie encrypt $cookieName ::passphrase
  }
}