Advertisement
keeganjacobson

Encrypt_HTTP_cookies_dynamic_v2

Oct 31st, 2017
186
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
TCL 1.94 KB | None | 0 0
  1. #Modified by Keegan Jacobson
  2. #Source https://devcentral.f5.com/codeshare?sid=500
  3.  
  4. when RULE_INIT {
  5.  
  6.     # Cookie name prefix
  7.     set static::ck_pattern "BIGipServer*"
  8.  
  9.     # Log debug to /var/log/ltm? 1=yes, 0=no)
  10.     set static::ck_debug 0
  11.  
  12.     # Cookie encryption passphrase
  13.     # Change this to a custom string!
  14.     set static::ck_pass "SET_COOKIE_HERE_LEAVE_THE_QUOTES_THOUGH"
  15. }
  16. when HTTP_REQUEST {
  17.  
  18.     if {$static::ck_debug}{log local0. "Request cookie names: [HTTP::cookie names]"}
  19.    
  20.     # Check if the cookie names in the request match our string glob pattern
  21.     if {[set cookie_names [lsearch -all -inline [HTTP::cookie names] $static::ck_pattern]] ne ""}{
  22.  
  23.         # We have at least one match so loop through the cookie(s) by name
  24.         if {$static::ck_debug}{log local0. "Matching cookie names: [HTTP::cookie names]"}
  25.         foreach cookie_name $cookie_names {
  26.            
  27.             # Decrypt the cookie value and check if the decryption failed (null return value)
  28.             if {[HTTP::cookie decrypt $cookie_name $static::ck_pass] eq ""}{
  29.  
  30.                 # Cookie wasn't encrypted, delete it
  31.                 if {$static::ck_debug}{log local0. "Removing cookie as decryption failed for $cookie_name"}
  32.                 HTTP::cookie remove $cookie_name
  33.             }
  34.         }
  35.         if {$static::ck_debug}{log local0. "Cookie header(s): [HTTP::header values Cookie]"}
  36.     }
  37. }
  38. when HTTP_RESPONSE {
  39.  
  40.     if {$static::ck_debug}{log local0. "Response cookie names: [HTTP::cookie names]"}
  41.    
  42.     # Check if the cookie names in the request match our string glob pattern
  43.     if {[set cookie_names [lsearch -all -inline [HTTP::cookie names] $static::ck_pattern]] ne ""}{
  44.        
  45.         # We have at least one match so loop through the cookie(s) by name
  46.         if {$static::ck_debug}{log local0. "Matching cookie names: [HTTP::cookie names]"}
  47.         foreach cookie_name $cookie_names {
  48.            
  49.             # Encrypt the cookie value
  50.             HTTP::cookie encrypt $cookie_name $static::ck_pass
  51.         }
  52.         if {$static::ck_debug}{log local0. "Set-Cookie header(s): [HTTP::header values Set-Cookie]"}
  53.     }
  54. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement