Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

Assistance with an iRule

SugarsB
Nimbostratus
Nimbostratus

‎28-Jul-2022 07:02

Good day

I need assistance with an iRule that can read the current time, add that as a timestamp and encrypt it in the header.

Regards

Labels:
4 REPLIES 4

Patrik_Jonsson
MVP
MVP

‎28-Jul-2022 13:16 - edited ‎28-Jul-2022 14:06

Interesting challenge. Try this?

 

when RULE_INIT {
  set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c"
  set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e"
}

when HTTP_REQUEST_SEND {
  set time [clock seconds]
  set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static:iv $time]
  HTTP::header remove SECRETTIME
  HTTP::header insert SECRETTIME [b64encode $encryptedtime]
}

 

You can test it like by applying this rule to a test VIP:

when RULE_INIT {
  set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c"
  set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e"
}

when HTTP_REQUEST {
  set time [clock seconds]
  set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static::iv $time]
  HTTP::respond 200 SECRETTIME [b64encode $encryptedtime]
}

And then test decrypting with curl and openssl:

curl -sI <ip> | grep SECRETTIME | awk '{print $2}' | openssl enc -a -d -aes-128-cbc -K fc2ed2bf490ad801c04ccd46b9d85b0c -iv 7e2fe021d573c0eedd93c4b2704b1b3e

Edit, made key + iv static to avoid being shamed by the iRules community.
Edit2: Added an example and changed to 32 bit hex key to follow the spec. F5 accepts 16 but openssl does not accept it.

 

 

Patrik_Jonsson
MVP
MVP
In response to Patrik_Jonsson

‎28-Jul-2022 14:22

Forgot how fun it is to be challenged by technical questions in the Devcentral forum. Too bad coding, work and kids takes up too much time. 🤔

LiefZimmerman
Community Manager
Community Manager
In response to Patrik_Jonsson

‎28-Jul-2022 15:41

I hear ya Patrik! It's hard to maintain balance. Thanks for the assist!

And @SugarsB - if this solved your problem clicking Accept as Solution will give at least one of Patrik's kids a cookie. 🍪

Cheers.

Anthony_Hynes
Moderator
Moderator

‎28-Jul-2022 16:00

Thanks for helping out Patrik! We REALLY appreciate your help, support and participation!  🙂


-- Director of Community Development
Copyright © 2023 Khoros, LLC