Forum Discussion
IheartF5_45022
Dec 09, 2013Nacreous
I do know one way to hide sensitive data in an iRule - hide it in the session table, so it lives only in memory and doesn't appear in the config files.
To do this you will need to create a "Control Plane" VIP to update the data. This VIP would be internal-facing, source IP restricted and maybe client cert protected (you wouldn't want just anybody accessing it). It wouldn't have a pool associated - just an iRule
when HTTP_REQUEST {
set key [URI::query [HTTP::uri] "key"]
set value [URI::query [HTTP::uri] "value"]
Set the key value in session table
table set $key $value indefinite
log local0. "Key $key updated by [IP::remote_addr]"
}
Then in other iRules that need to use that data, you would reference [table lookup "blah"], where 'blah' was the value of the 'key' query parameter in the control plane iRule.