Forum Discussion
Russell_Moore_8
Jul 23, 2014Nimbostratus
I needed a rule to validate G2O headers so I wrote the below rule and I've also submitted it to codeshare.
Code
when HTTP_REQUEST {
Requires TMOS 11.1 or above for support for "CRYPTO::sign"
This code block detects if the Akamai authentication headers are there
if so it then does the caculations based on the shared secret
finally it compares the output and logs a match
if {[HTTP::header exists "X-Akamai-G2O-Auth-Data"] && [HTTP::header exists "X-Akamai-G2O-Auth-Sign"]} {
set shared secret here
set secret_key "pass"
set data "[HTTP::header value "X-Akamai-G2O-Auth-Data"][HTTP::path]"
set signature "[HTTP::header value "X-Akamai-G2O-Auth-Sign"]"
set signed_data [b64encode [CRYPTO::sign -alg hmac-md5 -key $secret_key $data]]
if { $signed_data eq $signature } {
log local0. "Signatures match"
}
}
}