Cirrostratus
CirrostratusFor example, using two different priorities shows the true value of the cookie changing without explicitly setting the cookie value to the output of HTTP::cookie encrypt.
when RULE_INIT {
set ::cookie_passphrase "some phrase"
set ::cookie_name "cookie_name"
set ::cookie_value "cookie_value"
}
when HTTP_REQUEST priority 500 {
HTTP::cookie insert name $::cookie_name value $::cookie_value
log local0. "500 Unencrypted cookie value: [HTTP::cookie value $::cookie_name]"
Encrypt cookie and save the encrypted value
set encrypted_value [HTTP::cookie encrypt $::cookie_name $::cookie_passphrase]
log local0. "500 \$encrypted_value: $encrypted_value"
log local0. "500 Correct cookie header value: [HTTP::header value Cookie]"
log local0. "500 Cached cookie value: [HTTP::cookie value $::cookie_name]"
}
when HTTP_REQUEST priority 501 {
log local0. "501 Encrypted test cookie value: [HTTP::cookie value $::cookie_name]"
log local0. "501 Cookie header with encrypted value: [HTTP::header value Cookie]"
}
when HTTP_REQUEST priority 502 {
Encrypt cookie and save the encrypted value
set decrypted_value [HTTP::cookie decrypt $::cookie_name $::cookie_passphrase]
log local0. "502 \$decrypted_value: $decrypted_value"
log local0. "502 Decrypted cookie header value: [HTTP::header value Cookie]"
log local0. "502 Decrypted cookie value: [HTTP::cookie value $::cookie_name]"
}Log output:
: 500 Unencrypted cookie value: cookie_value: 500 $encrypted_value: f3lzsw7kqxIeu2vI6yy8eCITlBtuGboyFJ5D1ES0tzpxA98XJ90P: 500 Correct cookie header value: cookie_name=f3lzsw7kqxIeu2vI6yy8eCITlBtuGboyFJ5D1ES0tzpxA98XJ90P;: 500 Cached cookie value: cookie_value: 501 Encrypted test cookie value: f3lzsw7kqxIeu2vI6yy8eCITlBtuGboyFJ5D1ES0tzpxA98XJ90P: 501 Cookie header with encrypted value: cookie_name=f3lzsw7kqxIeu2vI6yy8eCITlBtuGboyFJ5D1ES0tzpxA98XJ90P;: 502 $decrypted_value: cookie_value: 502 Decrypted cookie header value: cookie_name=cookie_value;: 502 Decrypted cookie value: cookie_valueAaron