Forum Discussion

Jonathan_S__Fis
May 20, 2016

Is it possible to write a custom HTTP header authentication module? Like check a crypto signature and expiration date?

Is it possible to write a custom http header authentication module? If a certain header exists, I'd like to check a cryptographic signature on it and then verify the header hasn't expired.

 

Is there an API or programming language available to implement such a thing on F5 devices?

 

2 Replies

  • Better not to re-invent the wheel, especially when it comes to security. Is there any reason you can't use HTTP Basic auth or Client Certificate auth, to name a few examples?

     

  • Well, yes of course. There's not much you really can't do with iRules (the F5 programmability API), so such a thing would be extremely reasonable.

    when HTTP_REQUEST {
        # Only act when the custom authentication header is present
        if { [HTTP::header exists MYAUTHHDR] } {
            # do something with that header
        }
    }
    

    The real question, however, is how you would implement such a thing securely. HTTP headers don't usually provide any sort of challenge-response mechanism, so you'd have to create such a thing, both in iRules AND within the client from scratch, and you'd have to make sure that a) the communication was encrypted, and b) that it is (hopefully) not spoofable.
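The signature-plus-expiry check asked about in this thread, written out in Python as an added example (it is not from the thread and is not iRules code). The `user|expires|mac` header format, the shared HMAC-SHA256 key, the `MAX_LIFETIME` limit and the function names are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import time

# Constructed shared secret for the demo; real keys are provisioned out of band.
SECRET = b"constructed-demo-key-not-for-production"
MAX_LIFETIME = 300  # reject headers that claim more than 5 minutes of validity


def _mac(key: bytes, msg: str) -> str:
    digest = hmac.new(key, msg.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(digest).decode().rstrip("=")


def sign_header(user: str, expires: int, key: bytes = SECRET) -> str:
    """Client side: build '<user>|<expires>|<mac>' (hypothetical format)."""
    if "|" in user:
        raise ValueError("delimiter not allowed in user")
    msg = f"{user}|{expires}"
    return f"{msg}|{_mac(key, msg)}"


def verify_header(value: str, now=None, key: bytes = SECRET):
    """Proxy side: return the user if the header is authentic and unexpired."""
    now = int(time.time()) if now is None else now
    parts = value.split("|")
    if len(parts) != 3:
        return None  # malformed header
    user, expires_s, mac_s = parts
    expected = _mac(key, f"{user}|{expires_s}")
    # Verify the MAC first, in constant time, before trusting any field.
    if not hmac.compare_digest(expected.encode(), mac_s.encode()):
        return None
    if not (expires_s.isascii() and expires_s.isdigit()):
        return None
    expires = int(expires_s)
    # Expired, or valid for longer than policy allows.
    if expires <= now or expires - now > MAX_LIFETIME:
        return None
    return user
```

A header built this way can still be replayed until it expires, so it only makes sense over TLS and with a short lifetime.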