Mask sensitive data in logs

lukastribus · August 28, 2019, 8:40pm

No easy way as far as I can see, a feature request for a simpler solution has been posted here:

Here’s a LUA workaround:

/etc/haproxy/anonymizeToken.lua:

local function anonymizeToken(url)
   if url == nil then
       return
   end
   url = url:gsub("token=[^&]+", "token=******")
   return url
 end

core.register_converters("anonymizeToken", anonymizeToken)

Config:

global
    lua-load /etc/haproxy/anonymizeToken.lua

frontend blabla
    log-format "%[capture.req.uri,lua.anonymizeToken]"

Topic		Replies	Views
How to use "]" in a regsub converter inside a log format Help!	8	5067	August 28, 2019
Making a separate HTTP Request from Lua ("http-req" action) Help!	3	3229	June 9, 2022
Log http request body and performance impact Help!	1	776	September 15, 2021
Log-format %HU for http/2 requests logs full url (including protocol) Help!	4	3221	September 21, 2020
HAProxy cuts parameter in log output Help!	1	427	November 21, 2019

Mask sensitive data in logs

Related Topics