zzzzy09


Related links: https://clouddocs.f5.com/api/irules/AES.html

https://identity.account.f5.com/app/f5networksprod_welcometodevcentral_1/exkjzcpvzl9XNStiq356/sso/saml?RelayState=%2Fs%2Farticles%2Fencrypting-cookies

https://bbs.pediy.com/thread-253884.htm   # AES algorithm description

 

Implementing cookie encryption, and any other encryption

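when RULE_INIT {
    # Generate a random 128-bit AES key when the iRule is loaded.
    # static:: keeps the rule CMP-compatible, unlike a :: global variable.
    # The key changes whenever the rule is reloaded, so older cookies stop decrypting.
    set static::key [AES::key 128]
}
when HTTP_RESPONSE {
    # Encrypt the cookie set by the application before it reaches the client
    if { [HTTP::cookie exists "MyCookie"] } {
        set decrypted [HTTP::cookie "MyCookie"]
        HTTP::cookie remove "MyCookie"
        set encrypted [b64encode [AES::encrypt $static::key $decrypted]]
        HTTP::cookie insert name "MyCookie" value $encrypted
    }
}
when HTTP_REQUEST {
    # Decrypt the cookie sent by the client before it reaches the application
    if { [HTTP::cookie exists "MyCookie"] } {
        set encrypted [HTTP::cookie "MyCookie"]
        HTTP::cookie remove "MyCookie"
        set decrypted [AES::decrypt $static::key [b64decode $encrypted]]
        HTTP::cookie insert name "MyCookie" value $decrypted
    }
}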

Or:

 

when CLIENT_ACCEPTED {
  # Name of the cookie to encrypt/decrypt
  set cookiename "MyCookie"
  # Example passphrase; replace it with a long random value
  set encryption_passphrase "abcd1234"
}
when HTTP_RESPONSE {
  if { [HTTP::cookie exists $cookiename] } {
    HTTP::cookie encrypt $cookiename $encryption_passphrase
  }
}
when HTTP_REQUEST {
  if { [HTTP::cookie exists $cookiename] } {
    set decrypted [HTTP::cookie decrypt $cookiename $encryption_passphrase]
    if { ($decrypted eq "") } {
      # Cookie wasn't encrypted, delete it
      HTTP::cookie remove $cookiename
    }
  }
}

 

 

when CLIENT_ACCEPTED {
   # Define an AES encryption key. Valid key lengths are 128, 192, or 256 bits.
   # You can use a key generator, or create your own using only HEX characters.
   # The value below is a published sample; generate your own key before use.
   set aes_key "AES 128 63544a5e7178677b45366b41405f2dab"
   # Name of the cookie to encrypt/decrypt
   set cookie "myCookie"
   # Log debug messages to /var/log/ltm?  1=yes, 0=no.
   set cookie_encryption_debug 0
}
when HTTP_RESPONSE {
   # Check if response contains an error cookie with a value
   if {[string length [HTTP::cookie value $cookie]] > 0} {
      # Log the original error cookie value from the app
      if {$cookie_encryption_debug} {log local0. \
         "Response from app contained our cookie: [HTTP::cookie value $cookie]"}
      # Encrypt the cookie value so the client can't change the value
      HTTP::cookie value $cookie [URI::encode [AES::encrypt $aes_key [HTTP::cookie value $cookie]]]
      # Log the encoded and encrypted error cookie value
      # (the cookie already holds it, so it is not encrypted a second time)
      if {$cookie_encryption_debug} {log local0. \
        "Encrypted error cookie to: [HTTP::cookie value $cookie]"}
   }
}
when HTTP_REQUEST {
   # If the error cookie exists with any value, for any requested object, try to decrypt it
   if {[string length [HTTP::cookie value $cookie]]} {
      if {$cookie_encryption_debug} {log local0. \
         "Original error cookie value: [HTTP::cookie value $cookie]"}
      # URI decode the value (catching any errors that occur when trying to
      # decode the cookie value and save the output to cookie_uri_decoded)
      if {not ([catch {URI::decode [HTTP::cookie value $cookie]} cookie_uri_decoded])} {
         # Log that the cookie was URI decoded
         if {$cookie_encryption_debug} {log local0. "\$cookie_uri_decoded was set successfully"}
         # Decrypt the value
         if {not ([catch {AES::decrypt $aes_key $cookie_uri_decoded} cookie_decrypted])} {
            # Log the decrypted cookie value
            if {$cookie_encryption_debug} {log local0. "\$cookie_decrypted: $cookie_decrypted"}
            # Pass the decrypted value on to the application
            HTTP::cookie value $cookie $cookie_decrypted
         } else {
            # URI decoded value couldn't be decrypted.
         }
      } else {
         # Cookie value couldn't be URI decoded
      }
   } else {
      # Cookie wasn't present in the request
   }
}
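An added example, not part of the original post: a small Python audit that scans iRule source for the hard-coded key material used in the snippets above (the `"AES <bits> <hex>"` key string and a literal passphrase). The function name, finding labels, passphrase-variable heuristic and minimum passphrase length are assumptions made for this illustration, and the sample iRule text is constructed.

```python
import re

# Key string published in the snippet on this page; reusing it means the key is public.
PAGE_SAMPLE_KEY = "63544a5e7178677b45366b41405f2dab"

# The key-string form shown on this page: "AES <bits> <hex>"
KEY_RE = re.compile(r'"AES\s+(\d+)\s+([^"\s]*)"')
# Heuristic (assumption): `set <name containing "pass"> "<literal>"`
PASS_RE = re.compile(r'set\s+(\w*pass\w*)\s+"([^"]*)"', re.IGNORECASE)
MIN_PASSPHRASE_LEN = 20  # assumed local policy, not an F5 requirement


def audit_irule(source):
    """Return (line_number, finding) tuples for hard-coded key material."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue  # ignore commented-out lines
        key = KEY_RE.search(line)
        if key:
            bits, hexkey = int(key.group(1)), key.group(2).lower()
            well_formed = (
                bits in (128, 192, 256)
                and re.fullmatch(r"[0-9a-f]+", hexkey) is not None
                and len(hexkey) * 4 == bits
            )
            if not well_formed:
                findings.append((lineno, "malformed-key"))
            elif hexkey == PAGE_SAMPLE_KEY:
                findings.append((lineno, "published-sample-key"))
            else:
                findings.append((lineno, "hard-coded-key"))
        phrase = PASS_RE.search(line)
        if phrase and len(phrase.group(2)) < MIN_PASSPHRASE_LEN:
            findings.append((lineno, "short-passphrase"))
    return findings


# Constructed sample input, modelled on the snippets above.
SAMPLE_IRULE = '''when CLIENT_ACCEPTED {
   set aes_key "AES 128 63544a5e7178677b45366b41405f2dab"
   set bad_key "AES 128 63544a5e7178"
   # set old_key "AES 256 00"
   set encryption_passphrase "abcd1234"
}
'''

if __name__ == "__main__":
    for lineno, finding in audit_irule(SAMPLE_IRULE):
        print(f"line {lineno}: {finding}")
```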

 

posted on 2021-07-03 15:05  zzzzy09