WSO2 APIM - Remove Authorization header from API LOG

Question

I want to remove from api.log file the authorization header that appears there:

[2022-02-08 15:00:57,703] INFO {API_LOG} pizzashack - {"headers":["accept=application/json",...,"Connection=keep-alive","Host=localhost:8243","authorization=Bearer yJraWQiOiJnYXRld2F5X3g...","Origin=https://localhost:9443"..

I want to delete that token inside authorization header, how can I do it? I have tried with log4j properties adding:

logger.API_LOGGER.property.apim.message = %replace{%msg}{authorization:[^,]*}{"Authorization: Bearer ***"}{}

But it gives me an error when restarting APIM.

Answer 1

Score: 0

You should be able to do this using log-masking[1].

A sample config is shown below.

  1. Add below masking regex for JWT in deployment.toml (Please note this is a sample only, you may have to improve this to only capture JWTs.)
     [masking_pattern.properties]
     "JWT" = ' \\b([a-zA-Z0-9_=]+)\\.([a-zA-Z0-9_=]+)\\.([a-zA-Z0-9_\\-\\+\\/=]*)\\"'
  2. Enable log masking for API_LOGGER by updating log pattern as below.
     appender.API_LOGFILE.layout.pattern = [%d] %5p {%c} %X{apiName} - %mm%ex%n

[1]. https://apim.docs.wso2.com/en/4.1.0/administer/logging-and-monitoring/logging/masking-sensitive-information-in-logs/
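
Added example (not part of the original answer and not WSO2's code): the answer's sample pattern run over constructed log messages with Python's `re`, next to a stricter candidate, to show what the caveat about capturing only JWTs means in practice. It assumes the doubled backslashes in deployment.toml reduce to single ones when loaded; `STRICT`, the `*****` mask string, and all tokens and log lines are constructed for illustration.

```python
import re

# The answer's sample pattern as printed (leading space included), assuming
# the doubled backslashes reduce to single ones once the config is loaded.
SAMPLE = re.compile(
    r' \b([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_=]+)\.([a-zA-Z0-9_\-\+\/=]*)"')

# Hypothetical stricter pattern (not from the page): only the value after
# "Bearer ", three base64url segments, the first one starting with "eyJ".
STRICT = re.compile(
    r'(?<=[Bb]earer )eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*')

MASK = "*****"  # constructed placeholder for the masked value

# Constructed tokens and log messages, shaped like the API_LOG line above.
TOKEN_A = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJhZG1pbiJ9.c2lnbmF0dXJl"
TOKEN_B = "eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ-In0.c2ln-YXR1cmU"  # contains '-'
LINE_A = ('{"headers":["Host=localhost:8243",'
          '"authorization=Bearer ' + TOKEN_A + '",'
          '"User-Agent=client 1.2.3"]}')
LINE_B = '{"headers":["authorization=Bearer ' + TOKEN_B + '"]}'


def mask(pattern, message):
    """Replace every match of pattern in a log message with MASK."""
    return pattern.sub(MASK, message)


def report(message):
    """Return (sample_result, strict_result) for one log message."""
    return mask(SAMPLE, message), mask(STRICT, message)


if __name__ == "__main__":
    for line in (LINE_A, LINE_B):
        sample, strict = report(line)
        print("sample:", sample)
        print("strict:", strict)
```

On these inputs the sample pattern also masks the `1.2.3` version string and consumes the surrounding space and closing quote, and it leaves the token containing `-` unmasked. The stricter pattern masks only the token in both lines.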

huangapple
  • Posted on June 8, 2023 at 18:08:44
  • Article link: https://go.coder-hub.com/76430775.html