Welcome! Log In Create A New Profile

Advanced

avoid sensitive GET request parameter's data in the access logs

Posted by uttam 
avoid sensitive GET request parameter's data in the access logs
March 21, 2017 04:14AM
I require access logs enabled, but for compliance reasons, cannot log a sensitive GET request parameter's data in the access logs. While I know, I could parse the logs (after-the-fact) and sanitize them, this is not an acceptable solution -- because for compliance reasons logs can't be tampered with.

I tried setting if statement in Location directive
if ($request_uri~ (.)password=[^&](.*)) { set $request_uri$1password=XXXXX$2; }

but here i read that 'if' is not safe in Location.
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/

can you suggest alternative, may be in server directive
Re: avoid sensitive GET request parameter's data in the access logs
March 21, 2017 05:17AM
https://www.bjornjohansen.no/exclude-requests-from-nginx-access-log

---
nginx for Windows http://nginx-win.ecsds.eu/
Re: avoid sensitive GET request parameter's data in the access logs
March 21, 2017 10:26AM
Thanks for the reply. But i dont want to exclude these entries in log but wanted to mask the values of these credential parameters from the request.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 80
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready