For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Christopher_J_B's avatar
Christopher_J_B
Icon for Nimbostratus rankNimbostratus
Sep 08, 2011

signature header authentication

Any one create an iRule to perform - Signed Header Authentication ?     Basically the F5 would need to decrypt/validate received HTTP header(s) that are encrypted with a private key (shared bet...
application delivery
dev
devops
iRules
Russell_Moore_8's avatar
Russell_Moore_8
Icon for Nimbostratus rankNimbostratus
Jul 23, 2014

I needed a rule to validate G2O headers so I wrote the below rule and I've also submitted it to codeshare.

 

Code
when HTTP_REQUEST {
    Requires TMOS 11.1 or above for support for "CRYPTO::sign"
This code block detects if the Akamai authentication headers are there
if so it then does the caculations based on the shared secret
finally it compares the output and logs a match

if {[HTTP::header exists "X-Akamai-G2O-Auth-Data"] && [HTTP::header exists "X-Akamai-G2O-Auth-Sign"]} {

    set shared secret here
    set secret_key "pass" 
    set data "[HTTP::header value "X-Akamai-G2O-Auth-Data"][HTTP::path]"
    set signature "[HTTP::header value "X-Akamai-G2O-Auth-Sign"]"
    set signed_data [b64encode [CRYPTO::sign -alg hmac-md5 -key $secret_key $data]]

    if { $signed_data eq $signature } {
        log local0. "Signatures match"
    }
}
}