Forum Discussion

mtobkes_64700's avatar
mtobkes_64700
Icon for Nimbostratus rankNimbostratus
May 06, 2010

Hashing header Values

Can someone please tell me if the LTM is able to perform hashing on values received in HTTP request headers? Please tell me if the following requirements are possible using an iRule?

 

 

1) When an HTTP request is received, the value of header X-GoodSource-Data is combined with the value of the userid cookie. If the userid cookie is not present, use "0" (zero) for userid.

 

 

2) The value is then hashed using HMAC-MD5.

 

 

3) The hashed value is then compared to the value of header X-GoodSource-Auth.

 

 

4) If the hashed value matches X-GoodSource-Auth, then the request is valid.

 

 

5) If the hashed value does not match X-GoodSource-Auth, then delete the True-Client-IP header.

 

 

Thanks,

 

myles
application delivery
dev
devops
iRules

2 Replies

Sort By
  • hooleylist's avatar
    hooleylist
    Icon for Cirrostratus rankCirrostratus
    May 11, 2010
    Hi Myles,

     

     

    I don't think there is a way to calculate HMAC's. You can calculate md5 hashes using the md5 function. So it seems like you could implement the steps you've outlined using the following commands:

     

     

    HTTP::header

     

    md5

     

    HTTP::cookie

     

     

    Aaron
  • spark_86682's avatar
    spark_86682
    Historic F5 Account
    May 11, 2010
    This sounds doable, if a bit heavywight. There is no build-in command to compute an HMAC, but there is to compute MD5, so if you modify the iRule at http://devcentral.f5.com/Wiki/default.aspx/iRules/HMAC.html to use MD5 instead of sha256, then that should work fine.