Skip to content

Instantly share code, notes, and snippets.

@actionjack
Forked from deltheil/nginx.conf
Created Sep 14, 2020
Embed
What would you like to do?
Hide sensitive GET parameters within nginx access logs thanks to the Lua module
http {
log_format filt '$remote_addr - $remote_user [$time_local] "$_request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
location /login {
# `set` is provided by the Rewrite module
set $filter "password|secret";
set_by_lua $_request '
local filt = ngx.arg[1]
local req = ngx.arg[2]
return ngx.re.gsub(req, "((" .. filt .. ")=)[^&]+", "$1-FILTERED-")
' $filter $request;
access_log logs/access.log filt;
# ...
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment