Encrypt URL's and querystrings

Question

I know about the SSN and credit card scrubber, but is it possible to search the payload for http href's and replace them with an encrypted string them decrypt it on the way back in.&nbsp;
&nbsp;We have some info in our querystrings that we would like to hide using the loadbalancer until the development staff can make the appropriate change to the code.&nbsp;
&nbsp;Any help would be greatly appreciated.&nbsp;
&nbsp;Thanks,
&nbsp;Eric

hooleylist · Answer

Hi,&nbsp;
&nbsp;You should be able to use the credit card scrubber rule (Click here) as an example for inspecting and replacing the HTTP response content.   You could search for the URLs/URIs in the response content and use the AES functions (Click here) to encrypt the content.  On subsequent responses, you could use HTTP::header or HTTP::uri to decrypt the strings.&nbsp;
&nbsp;If there is sensitive data in the HTTP response headers, you would need to en/decrypt that seperately using the HTTP::header functions (Click here).&nbsp;
&nbsp;Try starting with this and repost with any questions.&nbsp;
&nbsp;Aaron

tom_spector_50 · Answer

Please note that this would work provided there is no client side logic that uses these links or information in these links.

Forum Discussion

Encrypt URL's and querystrings

2 Replies

Recent Discussions

Can iRule be used to perform exception of IPI category based on Geolocation

Can iRule mask the payload content on event logs of security

minimum tmos software version for connect CIS (openshift)

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Related Content

Decrypt, Encrypt, Decrypt, Encrypt, Encrypt....

Let's Encrypt

Automate Let's Encrypt Certificates on BIG-IP

Encrypting Cookies

Cookie Encryption