Forum Discussion
hooleylist
Dec 11, 2010 Cirrostratus
That's a cool site. Here's the iRule code:
TCL error: Rule Enterprise_F5_Fix_with_E35-THD_cookie_encrypt HTTP_REQUEST - cant read cookie: no such variable while executing HTTP::cookie value $cookie
when CLIENT_ACCEPTED {
    # Define an AES encryption key. A 128 bit (or larger) key is recommended.
    # You can use a key generator, or create your own using only HEX characters.
    set aes_key "63544a5e7178677b45366b4140"
    # Name of the cookie to encrypt/decrypt
    set cookie "app_cookie"
    # Log debug messages to /var/log/ltm? 1=yes, 0=no.
    set cookie_encryption_debug 0
}
when HTTP_REQUEST {
    # If the error cookie exists with any value, for any requested object, try to decrypt it
    if {[string length [HTTP::cookie value $cookie]]}{
        if {$cookie_encryption_debug}{log local0. \
            "Original error cookie value: [HTTP::cookie value $cookie]"}
        # URI decode the value (catching any errors that occur when trying to
        # decode the cookie value and save the output to cookie_uri_decoded)
        if {not ([catch {URI::decode [HTTP::cookie value $cookie]} cookie_uri_decoded])}{
            # Log that the cookie was URI decoded
            if {$cookie_encryption_debug}{log local0. "\$cookie_uri_decoded was set successfully"}
            # Decrypt the value
            if {not ([catch {AES::decrypt $aes_key $cookie_uri_decoded} cookie_decrypted])}{
                # Log the decrypted cookie value
                if {$cookie_encryption_debug}{log local0. "\$cookie_decrypted: $cookie_decrypted"}
            } else {
                # URI decoded value couldn't be decrypted.
            }
        } else {
            # Cookie value couldn't be URI decoded
        }
    } else {
        # Cookie wasn't present in the request
    }
    if {[HTTP::uri] ends_with ".asmx?WSDL"}{
        set rewrite 1
        if { [HTTP::version] eq "1.1" } {
            HTTP::version "1.0"
        }
    } else {
        set rewrite 0
    }
    switch [getfield [string tolower [HTTP::uri]] "/" 2] {
        appe21test { pool test.app_EE_20 }
        appe21 { pool www.company.com_e20 }
        appe30 { pool www.company.com_e30 }
        appe30test { pool www.company.com_e30test }
        se08q4 { pool www.company.com_08q4 }
    }
}
when HTTP_RESPONSE {
    # Check if response contains an error cookie with a value
    if {[string length [HTTP::cookie value $cookie]] > 0}{
        # Log the original error cookie value from the app
        if {$cookie_encryption_debug}{log local0. \
            "Response from app contained our cookie: [HTTP::cookie value $cookie]"}
        # Encrypt the cookie value so the client can't change the value
        HTTP::cookie value $cookie [URI::encode [AES::encrypt $aes_key [HTTP::cookie value $cookie]]]
        # Log the encoded and encrypted error cookie value
        if {$cookie_encryption_debug}{log local0. \
            "Encrypted error cookie to: [URI::encode [AES::encrypt $aes_key [HTTP::cookie value $cookie]]]"}
    }
    if {$rewrite == 1}{
        # collect payload for URI replacement
        if {[HTTP::header exists Content-Length]}{
            set clength [HTTP::header Content-Length]
        } else {
            set clength 4294967295
        }
        if { !($clength == 0) } {
            HTTP::collect $clength
        }
    }
}
when HTTP_RESPONSE_DATA {
    set payload [HTTP::payload]
    regsub -all {(
Aaron