Welcome! Log In Create A New Profile

Advanced

Can I obfuscate a token in a log message using Nginx?

July 03, 2024 01:24PM
I'm an Nginx neophyte.

I'm currently logging like this:
//\\//\\//\\//\\
http {
log_format main escape=json '{'
'"remote_addr":"$remote_addr",'
'"remote_user":"$remote_user",'
'"time_local":"$time_iso8601",'
'"request":"$request",'
'"request_method":"$request_method",'
'"uri":"$uri",'
'"query_string":"$query_string",'
'"status":"$status",'
'"http_authorization":"$http_authorization",'
'"request_length":"$request_length",'
'"body_bytes_sent":"$body_bytes_sent",'
'"http_referer":"$http_referer",'
'"http_user_agent":"$http_user_agent",'
'"http_x_forwarded_for":"$http_x_forwarded_for",'
'"request_time":"$request_time",'
'"connection_time":"$connection_time"'
'}';

access_log /var/log/nginx/access.log main;
//\\//\\//\\//\\

The http_authorization field looks like, for example:
"http_authorization":"Bearer TACTxxxxxxxxxredactedxxxxxxxxxxxxxxx"

I want to extract the "TACTxxxxxxxxxredactedxxxxxxxxxxxxxx" and replace it with a sha-512 hash of itself, for security.

I'm seeing njs and map, and am wondering if there's a good way to do this?

I googled for about a half day looking for clues, but didn't find a lot.

Any suggestions?

Thanks!
Subject Author Posted

Can I obfuscate a token in a log message using Nginx?

dstromberg July 03, 2024 01:24PM

Re: Can I obfuscate a token in a log message using Nginx?

dstromberg July 03, 2024 04:27PM

Re: Can I obfuscate a token in a log message using Nginx?

dstromberg July 03, 2024 04:29PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 107
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready