Darek_H_152835
Dec 03, 2014

How is the cookie encrypted in the persistence profile?

Hi all,

I'm wondering how to decode, in an iRule, the cookie encrypted in the persistence profile?

Till now I have tried:

b64decode [AES::decrypt $::key $cookie] or [AES::decrypt $::key [b64decode $cookie]]

HTTP::cookie decrypt $cookie $::key "192"

No success :( The key is the same in the iRule and in the persistence profile.

Any hints?


9 Replies

  • I think you don't understand my problem correctly. I know how F5 is encoding the IP:port (with and without partitions); that's why I would like to encrypt it (because it's widely known and everyone can decode the IP:port from this cookie). The problem is I can't decode the encrypted cookie in an iRule with a passphrase that is the same as in the Cookie Persistence Profile. Hope you understand.

     

  • We use this in a couple iRules

    set decryptedCookie [HTTP::cookie decrypt $cookieName $passPhrase "192"]
    
  • This is how I understood it from the F5 docs, but for me the decrypted value is empty, meaning the decryption was not OK...

    That is the second example from my post.

    As I understood from your post, this is working for you. Which version of F5 are you running (mine is 11.5.0 HF4)?


    • Brad_Parker
      Are you using an AES::key for the actual pass-phrase you used in the persistence profile? Also, AES::decrypt will not work with a pass-phrase because of bug 224113 according to the DevCentral Wiki.
    • gsharri
      I am using the same syntax in Brad's example to decrypt cookies that have been encrypted by a cookie-insert persistence profile. v11.5.0
  • @Darek - Ah, sorry about that ;) - yeah, HTTP::cookie decrypt is working for us in 11.5, but on a newer hotfix. We're using a similar syntax to Brad's example. Maybe post the complete rule?

     

  • @iRuleYou - below is:

    1 - the persistence cookie definition:

    ltm persistence cookie persist_Test {   
    app-service none    
    cookie-encryption required  
    cookie-encryption-passphrase $M$jb$wzkKy+0kkZgRly/uKWOlcQ== 
    cookie-name Test    
    defaults-from /Common/cookie    
    timeout 180 
    }
    

    2 - the iRule I'm using for testing:

    when CLIENT_ACCEPTED {  
        set encryption_passphrase "7618"    
        set cookiename "Test"
    }
    when HTTP_REQUEST {
        if {[HTTP::cookie exists $cookiename] } {
            set encrypted [HTTP::cookie $cookiename]
            set decrypted [HTTP::cookie decrypt $cookiename $encryption_passphrase "192"]
            if { ($decrypted eq "") } {
                log local0. "Cookie NOT DECRYPTED Properly !!!!"
            }
            log local0. "Cookie: Encrypted -> $encrypted, Decrypted -> $decrypted"
        }
    }
    when HTTP_RESPONSE {
        set pcookie "123456"
        HTTP::cookie insert name $cookiename value $pcookie path "/" 
        HTTP::cookie encrypt $cookiename $encryption_passphrase "192"
    }
    

    Right now I can decode the cookie properly, but when I'm encrypting my cookie from the iRule, I can't decrypt it properly.

    Thanks for any hints on it.
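
An earlier reply notes that the unencrypted persistence cookie encodes the pool member's IP:port in a widely known way, which is the reason for `cookie-encryption required` in the profile above. As an added example (not code from any poster in this thread), this Python check flags observed cookie values that are still in the cleartext layout. The `<ip>.<port>.0000` IPv4 layout for the default route domain, the function names and the sample values are assumptions of this example.

```python
import re
import socket
import struct

# Assumed layout of an unencrypted IPv4 persistence cookie in the default
# route domain: "<ip as decimal>.<port as decimal>.0000", both byte-swapped.
CLEARTEXT = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")


def decode_cleartext(value):
    """Return (ip, port) if value has the cleartext layout, else None."""
    m = CLEARTEXT.match(value)
    if not m:
        return None
    ip_num, port_num = int(m.group(1)), int(m.group(2))
    if ip_num > 0xFFFFFFFF or port_num > 0xFFFF:
        return None
    # The address is stored as a little-endian 32-bit integer.
    ip = socket.inet_ntoa(struct.pack("<I", ip_num))
    # The port is stored with its two bytes swapped.
    port = struct.unpack(">H", struct.pack("<H", port_num))[0]
    return ip, port


def audit(cookies):
    """Map cookie name -> finding for a dict of observed cookie values."""
    findings = {}
    for name, value in cookies.items():
        member = decode_cleartext(value)
        if member:
            findings[name] = "cleartext: exposes %s:%d" % member
        else:
            # Opaque only means "not the cleartext layout"; it does not
            # prove the value was encrypted by the profile.
            findings[name] = "opaque: not in the cleartext layout"
    return findings


# Constructed sample values, not captured from a real system.
SAMPLE = {
    "BIGipServerpool_a": "1677787402.36895.0000",
    "Test": "kV3constructedOpaqueValue0=",
}

if __name__ == "__main__":
    for name, finding in audit(SAMPLE).items():
        print(name, "->", finding)
```

Run it against the Set-Cookie values a virtual server returns after the profile change; any "cleartext" finding means a cookie is still being issued without encryption.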