Bob_124896
Feb 26, 2014
Nimbostratus
Cookie encryption in a high volume environment
Hi, we would like to know if anyone has used the iRule crypting API to encrypt/decrypt cookie content in a high volume environment (120-130 transactions per second). The following code works well; however, will it perform efficiently with tons of traffic? Any benchmarking data or comments would be appreciated.
```tcl
when RULE_INIT {
    # Log debug messages to /var/log/ltm? 1=yes, 0=no.
    set ::debug 1
    set ::cookie "servletAiguilleur.origine"
    # Key for use in encryption/decryption operations.
    set ::key [substr [AES::key 128] 8]
    set ::iv [substr [AES::key 128] 8]
}
when HTTP_RESPONSE {
    if {[string length [HTTP::cookie value $::cookie]] > 0} {
        # Log the original cookie value from the app
        if {$::debug} {log local0. "Response from app contained our CRYPTO cookie: [HTTP::cookie value $::cookie]"}
        set cookie_admin [HTTP::cookie value $::cookie]
        set encrypted_cookie [CRYPTO::encrypt -alg aes-128-cbc -keyhex $::key -ivhex $::iv $cookie_admin]
        set encoded_cookie [b64encode $encrypted_cookie]
        log local0. "CRYPTO $cookie_admin encryption : $encrypted_cookie"
        log local0. "CRYPTO encoded_cookie : $encoded_cookie"
        HTTP::cookie remove $::cookie
        HTTP::cookie insert name $::cookie value $encoded_cookie
    }
}
when HTTP_REQUEST {
    log local0. [HTTP::uri]
    # If the cookie exists with any value, for any requested object, try to decrypt it
    if {[string length [HTTP::cookie value $::cookie]]} {
        set cookie_admin [HTTP::cookie value $::cookie]
        if {$::debug} {log local0. "Request to app contained our CRYPTO cookie: $cookie_admin"}
        set decoded_cookie [b64decode $cookie_admin]
        set decrypted_cookie [CRYPTO::decrypt -alg aes-128-cbc -keyhex $::key -ivhex $::iv $decoded_cookie]
        log local0. "CRYPTO decoded_cookie : $decoded_cookie"
        log local0. "CRYPTO decrypted_cookie : $decrypted_cookie"
        HTTP::cookie remove $::cookie
        HTTP::cookie insert name $::cookie value $decrypted_cookie
    } else {
        # Cookie wasn't present in the request
    }
}
```