- TCL error: Rule Enterprise_F5_Fix_with_E35-THD_cookie_encrypt HTTP_REQUEST - cant read cookie: no such variable while executing HTTP::cookie value $cookie
when CLIENT_ACCEPTED {
    # Per-connection settings read by the HTTP_REQUEST and HTTP_RESPONSE
    # handlers of this rule.

    # Debug logging to /var/log/ltm: 1 = on, 0 = off.
    # With debugging on, the other handlers write the cookie value to the
    # log, including the decrypted value, so keep this at 0 outside of
    # troubleshooting.
    set cookie_encryption_debug 0

    # Name of the cookie whose value is encrypted towards the client and
    # decrypted on the way back.
    set cookie "app_cookie"

    # AES key, written as HEX characters. A 128 bit (or larger) key is
    # recommended.
    # NOTE(review): this literal is 26 hex characters (104 bits), which is
    # shorter than the 128 bits recommended above. It is also stored in the
    # rule text, so a key that has been pasted publicly must be treated as
    # disclosed and replaced with a freshly generated one.
    # NOTE(review): confirm on the target version that AES::encrypt accepts
    # a key in this form; AES::key generates keys in the platform's format.
    set aes_key "63544a5e7178677b45366b4140"
}
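when HTTP_REQUEST {
    # Handles each client request in three steps:
    #   1. decrypt the protected cookie before the request goes to the pool,
    #   2. mark *.asmx?WSDL requests so the response body is rewritten,
    #   3. choose the pool from the first path segment of the URI.

    # The error reported with this rule ("cant read cookie: no such
    # variable") shows this event running without the variables that
    # CLIENT_ACCEPTED sets. Presumably the connection was accepted before
    # this version of the rule was loaded - confirm. Check for the settings
    # instead of aborting the request with a TCL error.
    set cookie_cfg_ok [expr {[info exists cookie] && [info exists aes_key] \
        && [info exists cookie_encryption_debug]}]

    if {!$cookie_cfg_ok} {
        log local0. "Cookie encryption settings are not defined for this connection; cookie was not decrypted"
    } elseif {[string length [HTTP::cookie value $cookie]]} {
        set cookie_original [HTTP::cookie value $cookie]
        if {$cookie_encryption_debug} {
            log local0. "Original error cookie value: $cookie_original"
        }

        # cookie_decrypted stays empty unless both decoding steps succeed.
        set cookie_decrypted ""
        if {[catch {URI::decode $cookie_original} cookie_uri_decoded]} {
            # Cookie value couldn't be URI decoded
            if {$cookie_encryption_debug} {
                log local0. "Cookie value could not be URI decoded"
            }
        } else {
            if {$cookie_encryption_debug} {
                log local0. "\$cookie_uri_decoded was set successfully"
            }
            if {[catch {AES::decrypt $aes_key $cookie_uri_decoded} cookie_decrypted]} {
                # On error the variable holds the error text, not a value.
                set cookie_decrypted ""
                if {$cookie_encryption_debug} {
                    log local0. "Cookie value could not be decrypted"
                }
            } elseif {$cookie_encryption_debug} {
                # Writes the plaintext cookie value to the log; debug only.
                log local0. "\$cookie_decrypted: $cookie_decrypted"
            }
        }

        if {$cookie_decrypted ne ""} {
            # Hand the application the value it originally issued. The
            # original rule decrypted the value but never put it back into
            # the request, so the pool member received the ciphertext.
            HTTP::cookie value $cookie $cookie_decrypted
        } else {
            # Fail closed: a value that cannot be decoded and decrypted did
            # not come from this rule, so it is not passed to the
            # application. This also drops plaintext cookies issued before
            # the rule was deployed.
            # NOTE(review): confirm that AES::decrypt rejects modified
            # ciphertext; if it does not, add an integrity check here.
            HTTP::cookie remove $cookie
        }
    }

    if {[HTTP::uri] ends_with ".asmx?WSDL"} {
        # HTTP_RESPONSE collects the payload when this flag is 1.
        set rewrite 1
        # Presumably forces an un-chunked response so the whole body can be
        # collected - confirm.
        if {[HTTP::version] eq "1.1"} {
            HTTP::version "1.0"
        }
    } else {
        set rewrite 0
    }

    # "--" ends option parsing, so a client-supplied path segment that
    # begins with "-" is compared as a plain string and cannot be read as a
    # switch option. Segments that match no entry leave the pool unchanged.
    switch -- [getfield [string tolower [HTTP::uri]] "/" 2] {
        appe21test { pool test.app_EE_20 }
        appe21     { pool www.company.com_e20 }
        appe30     { pool www.company.com_e30 }
        appe30test { pool www.company.com_e30test }
        se08q4     { pool www.company.com_08q4 }
    }
}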
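when HTTP_RESPONSE {
    # Encrypts the protected cookie in the response so the client only ever
    # holds the ciphertext, and starts payload collection for responses that
    # HTTP_REQUEST flagged for rewriting.

    if {[info exists cookie] && [info exists aes_key] && [info exists cookie_encryption_debug]} {
        set cookie_plain [HTTP::cookie value $cookie]
        if {[string length $cookie_plain] > 0} {
            if {$cookie_encryption_debug} {
                log local0. "Response from app contained our cookie: $cookie_plain"
            }
            # Encrypt once and reuse the result. The original debug line
            # encrypted the already-encrypted cookie a second time, so the
            # logged value was not the value sent to the client.
            set cookie_protected [URI::encode [AES::encrypt $aes_key $cookie_plain]]
            HTTP::cookie value $cookie $cookie_protected
            if {$cookie_encryption_debug} {
                log local0. "Encrypted error cookie to: $cookie_protected"
            }
        }
    } else {
        # Same missing-variable condition as the reported TCL error; without
        # the settings the cookie leaves unencrypted, so make that visible.
        log local0. "Cookie encryption settings are not defined for this connection; response cookie was not encrypted"
    }

    # rewrite is set in HTTP_REQUEST; it is absent if that event aborted.
    if {[info exists rewrite] && $rewrite == 1} {
        # collect payload for URI replacement
        if {[HTTP::header exists Content-Length]} {
            set clength [HTTP::header Content-Length]
        } else {
            # NOTE(review): with no Content-Length this asks for up to 4 GiB
            # of response body to be buffered. Consider a fixed upper bound
            # sized for the largest expected WSDL document.
            set clength 4294967295
        }
        if {$clength != 0} {
            HTTP::collect $clength
        }
    }
}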
when HTTP_RESPONSE_DATA {
    # Runs once the payload requested by HTTP::collect is available.
    # Every <soap:address location="http://....asmx"> in the collected body
    # is changed to use https://, then the response is released.
    set wsdl_body [HTTP::payload]

    # Group 1 is the attribute prefix, group 2 the http:// scheme that is
    # replaced, group 3 the host and path up to .asmx.
    regsub -all {(<soap:address location=\")(http://)(.*?\.asmx)} $wsdl_body "\\1https://\\3" wsdl_rewritten

    HTTP::payload replace 0 [HTTP::payload length] $wsdl_rewritten
    HTTP::release
}