skip logging some query parameters during GET request

Dave Cottlehuber
skip logging some query parameters during GET request
March 13, 2018 02:00PM
Hi,

I'm using haproxy to handle TLS termination to a 3rd party API that requires authentication (username/password) to be passed as query parameters to a GET call.

I want to log the request as usual, just not all the query parameters. Obviously for a POST the parameters would not be logged at all, but is it possible to teach haproxy to exclude one specific query parameter on a GET request?

the request:

GET /api?username=seriously&password=ohnoes&command=locate&item=chocolat

desired log something like:

GET /api?username=seriously&command=locate&item=chocolat

I can do this downstream in rsyslog but I'd prefer to cleanse the urls up front.

A+
Dave
Jonathan Matthews
Re: skip logging some query parameters during GET request
March 13, 2018 03:50PM
I *think* you're going to have to fully construct your logging format with
a whitelist of params you want, rather than an exclusion list. I'm not sure
you can scope this by HTTP method, however.

Given your use of this as a forward proxy, I assume you could scope it by
Host header ... but that *might* require a double pass through haproxy,
with an "[email protected]" style listener containing the logging format configuration.

HTH,
J

On Tue, 13 Mar 2018 at 12:51, Dave Cottlehuber <[email protected]> wrote:

> Hi,
>
> I'm using haproxy to handle TLS termination to a 3rd party API that
> requires authentication (username/password) to be passed as query
> parameters to a GET call.
>
> I want to log the request as usual, just not all the query parameters.
> Obviously for a POST the parameters would not be logged at all, but is it
> possible to teach haproxy to exclude one specific query parameter on a GET
> request?
>
> the request:
>
> GET /api?username=seriously&password=ohnoes&command=locate&item=chocolat
>
> desired log something like:
>
> GET /api?username=seriously&command=locate&item=chocolat
>
> I can do this downstream in rsyslog but I'd prefer to cleanse the urls up
> front.
>
> A+
> Dave
>
> --
Jonathan Matthews
London, UK
http://www.jpluscplusm.com/contact.html
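
A sketch of the allow-list log format suggested in the reply above, added here as an example and not taken from either poster's configuration. The section names, bind address, certificate path, syslog target, server address and `txn.q_*` variable names are assumptions, and it assumes an haproxy version that supports `set-var` and the `%HM`/`%HP` log variables.

```haproxy
frontend api_in
    mode http
    # Hypothetical listener and certificate path
    bind :8443 ssl crt /etc/haproxy/certs/example.pem
    log 127.0.0.1 local0

    # Copy only the parameters that are safe to log into transaction
    # variables. "password" is never copied, so it cannot reach the log.
    http-request set-var(txn.q_username) url_param(username)
    http-request set-var(txn.q_command)  url_param(command)
    http-request set-var(txn.q_item)     url_param(item)

    # Rebuild the request line from method (%HM), path without the query
    # string (%HP) and the allow-listed parameters. Do not add %r, %HU or
    # %HQ here: each of those would log the original query string,
    # password included.
    log-format "%ci:%cp [%t] %ft %b/%s %ST %B %HM %HP?username=%[var(txn.q_username)]&command=%[var(txn.q_command)]&item=%[var(txn.q_item)] %HV"

    default_backend api_out

backend api_out
    mode http
    # Placeholder address; the request is forwarded unchanged, so the
    # upstream API still receives the password parameter.
    server thirdparty 192.0.2.10:80
```

A parameter that is absent from the request is logged as `-`, and any parameter not listed is dropped from the log line entirely, which is the trade-off of an allow list compared with the exclusion the original post asked for.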