remove TTL from is_timed_hmac_valid_v0 | Cloudflare Developers | Page 1

teal kraken Feb 18, 2024, 6:48 PM

#

Hello, is it possible to disable the TTL, so WAF only used for verifying the hmac without checking expiration, thankyou

(http.host eq "mydomain.com" and not is_timed_hmac_valid_v0("mysecret", http.request.uri, 300, http.request.timestamp.sec, 8))

dark peak Feb 18, 2024, 6:50 PM

#

Nope

teal kraken Feb 18, 2024, 6:51 PM

#

dark peak Nope

I see, but I can make it for 50 years, then I update it 50 years later, correct ?

dark peak Feb 18, 2024, 6:51 PM

#

Sure?

#

Might be limited to 2038 due to 32bit unix timestamp, idk

#

Try it

teal kraken Feb 18, 2024, 6:52 PM

#

dark peak Sure?

do you think is_timed_hmac_valid_v0 can receive value from header instead of http.request.uri ?

teal kraken Feb 18, 2024, 6:52 PM

#

dark peak Might be limited to 2038 due to 32bit unix timestamp, idk

this should not be a problem, as it store second, not epoch

dark peak Feb 18, 2024, 6:52 PM

#

teal kraken this should not be a problem, as it store second, not epoch

Thats epoch

teal kraken Feb 18, 2024, 6:53 PM

#

yeah, but It's not like defining epoch since 1970 correct?, it a second addition until expired (like 300 on the rule above)

dark peak Feb 18, 2024, 6:54 PM

#

??

teal kraken Feb 18, 2024, 6:54 PM

#

thanks leo

dark peak Feb 18, 2024, 6:54 PM

#

http.request.timestamp.sec is unix timestamp

teal kraken Feb 18, 2024, 6:55 PM

#

I don't understand, it's should be on cloudflare to maintain it's data type, correct ?

#

MeowHeartCloudflare

dark peak Feb 18, 2024, 6:56 PM

#

dark peak Try it

.

teal kraken Feb 18, 2024, 7:32 PM

#

dark peak .

nice seems working

#

if not valid hmac or expired, then redirect to rick astley

#remove TTL from is_timed_hmac_valid_v0