iRule to serve security.txt file - RFC 9116
No idea about the details of iRulesLX. But it seems way too much overhead to call something external just to serve some text.
Signing the file with the "clearsign" option as recommended is nothing more than a plain text readable file in this case, plus the signature and PGP headers.
All you do is the following. The --default-key option is only needed in case you have multiple keys.
gpg --clearsign --default-key security@example.com security.txt
This will generate a security.txt.asc file. Then you paste that content in your iRule.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our security address
Contact: mailto:security@example.com

# Our OpenPGP key
Encryption: https://example.com/pgp-key.txt

# Our security policy
Policy: https://example.com/security-policy.html

# Our security acknowledgments page
Acknowledgments: https://example.com/hall-of-fame.html

Expires: 2021-12-31T18:37:07z"

-----BEGIN PGP SIGNATURE-----

iIcEARYKAC8WIQSulmNYqOEvaLEXuXBhVhukMyqDOwUCYnZbLBEcdGhlZHVkZUBt
YXJjby5tcwAKCRBhVhukMyqDO7BKAP9fRJXm7xBW8DgvBurYlQtkl0ROc23gONpf
eeZupn3JxAD/YXNnZaC33dcHh7c7W22QK673XFtY7DmKpT7wUXCtlQs=
=3hMe
-----END PGP SIGNATURE-----
I heard F5 is also a bit in the nginx business. 🙂
The open source enthusiasts will love to serve simple static content directly from the configuration. Here is a quick example.
Create a simple nginx config file like security.txt.conf with the following content.
server {
    server_name localhost;
    listen 80;
    location / {
        types {}
        default_type text/html;
        return 200 '
<html><body><br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA512<br>
<br>
# Our security address<br>
Contact: mailto:security@example.com<br>
<br>
# Our OpenPGP key<br>
Encryption: https://example.com/pgp-key.txt<br>
<br>
# Our security policy<br>
Policy: https://example.com/security-policy.html<br>
<br>
# Our security acknowledgments page<br>
Acknowledgments: https://example.com/hall-of-fame.html<br>
<br>
Expires: 2021-12-31T18:37:07z"<br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
<br>
iIcEARYKAC8WIQSulmNYqOEvaLEXuXBhVhukMyqDOwUCYnZbLBEcdGhlZHVkZUBt<br>
YXJjby5tcwAKCRBhVhukMyqDO7BKAP9fRJXm7xBW8DgvBurYlQtkl0ROc23gONpf<br>
eeZupn3JxAD/YXNnZaC33dcHh7c7W22QK673XFtY7DmKpT7wUXCtlQs=<br>
=3hMe<br>
-----END PGP SIGNATURE-----<br>
</body></html>
';
    }
}
Now let's fire up a container to see what we get.
docker run -it --rm --name nginxsecuritytxt -p 8080:80 -v $PWD/security.txt.conf:/etc/nginx/conf.d/default.conf nginx
Let's browse the page in the terminal.
lynx -collapse_br_tags=0 -trim_blank_lines=0 -nomargins=1 -dump http://localhost:8080/
You should see something like this.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

# Our security address
Contact: mailto:security@example.com

# Our OpenPGP key
Encryption: https://example.com/pgp-key.txt

# Our security policy
Policy: https://example.com/security-policy.html

# Our security acknowledgments page
Acknowledgments: https://example.com/hall-of-fame.html

Expires: 2021-12-31T18:37:07z"

-----BEGIN PGP SIGNATURE-----

iIcEARYKAC8WIQSulmNYqOEvaLEXuXBhVhukMyqDOwUCYnZbLBEcdGhlZHVkZUBt
YXJjby5tcwAKCRBhVhukMyqDO7BKAP9fRJXm7xBW8DgvBurYlQtkl0ROc23gONpf
eeZupn3JxAD/YXNnZaC33dcHh7c7W22QK673XFtY7DmKpT7wUXCtlQs=
=3hMe
-----END PGP SIGNATURE-----
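As an added example (not part of the post above, and not F5 or nginx code), a small Python checker for the file that ends up being served: it strips the clearsign armor, parses the fields, and checks the RFC 9116 requirements that Contact is present and that Expires appears exactly once as a time-zone-qualified RFC 3339 timestamp that has not passed. The SAMPLE value is constructed, and checking the signature itself is left to gpg.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample clearsigned security.txt; the signature block is empty
# placeholder armor, not a real signature (gpg --verify is the check for that).
SAMPLE = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Contact: mailto:security@example.com
Expires: 2030-12-31T18:37:07Z
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
"""

def clearsign_body(text):
    # Signed text of a clearsigned file (RFC 4880 "- " dash-escaping undone); unsigned input passes through
    lines = text.splitlines()
    signed = bool(lines) and lines[0] == "-----BEGIN PGP SIGNED MESSAGE-----"
    start = lines.index("") + 1 if signed else 0  # armor headers end at a blank line
    body = []
    for line in lines[start:]:
        if line == "-----BEGIN PGP SIGNATURE-----":
            break
        body.append(line[2:] if signed and line.startswith("- ") else line)
    return "\n".join(body)

def parse_fields(body):
    # (name, value) pairs; names are case-insensitive and '#' lines are comments
    for line in body.splitlines():
        if line.strip() and not line.startswith("#"):
            name, _, value = line.partition(":")
            yield name.strip().lower(), value.strip()

def check_security_txt(text, now=None):
    # Return a list of problems; an empty list means the RFC 9116 checks passed
    now = now or datetime.now(timezone.utc)
    fields = list(parse_fields(clearsign_body(text)))
    problems = [] if any(n == "contact" for n, _ in fields) else ["Contact field is required"]
    expires = [v for n, v in fields if n == "expires"]
    if len(expires) != 1:
        return problems + ["Expires must appear exactly once"]
    try:  # RFC 3339 date-time with zone; Z (or z, which RFC 3339 permits) means UTC
        when = datetime.fromisoformat(expires[0].replace("z", "Z").replace("Z", "+00:00"))
        remaining = when - now  # TypeError if the value carries no time zone
    except (ValueError, TypeError):
        return problems + [f"Expires is not an RFC 3339 date-time: {expires[0]!r}"]
    if remaining <= timedelta(0):
        problems.append("Expires is in the past; regenerate and re-sign the file")
    elif remaining > timedelta(days=365):
        problems.append("Expires is over a year out; RFC 9116 recommends less")
    return problems
```

Run it over the file nginx actually returns (after stripping the HTML tags) to confirm the served content still parses as security.txt, and re-run it whenever the Expires date is renewed.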