Akamai G20 Header Authentication
Problem this snippet solves: iRule for detection and authentication of Akamai G2O headers. Requires TMOS 11.1 or above as this leverages "CRYPTO::sign". This code block is the basics needed to make a decisions about requests that may or may not contain Akamai G2O headers. Code : when HTTP_REQUEST { #Requires TMOS 11.1 or above for support for "CRYPTO::sign" #This code block detects if the Akamai authentication headers are there #if so it then does the caculations based on the shared secret #finally it compares the output and logs a match if {[HTTP::header exists "X-Akamai-G2O-Auth-Data"] && [HTTP::header exists "X-Akamai-G2O-Auth-Sign"]} { #set shared secret here set secret_key "pass" set data "[HTTP::header value "X-Akamai-G2O-Auth-Data"][HTTP::path]" set signature "[HTTP::header value "X-Akamai-G2O-Auth-Sign"]" set signed_data [b64encode [CRYPTO::sign -alg hmac-md5 -key $secret_key $data]] if { $signed_data eq $signature } { log local0. "Signatures match" } } } Tested this on version: 11.1