Skip to content

Instantly share code, notes, and snippets.

@deltheil

deltheil/nginx.conf

Created June 4, 2012 07:57
Show Gist options
  • Star 18 You must be signed in to star a gist
  • Fork 4 You must be signed in to fork a gist
  • Save deltheil/2867074 to your computer and use it in GitHub Desktop.
Save deltheil/2867074 to your computer and use it in GitHub Desktop.
Download ZIP
Hide sensitive GET parameters within nginx access logs thanks to the Lua module
Raw
nginx.conf
http {
log_format filt '$remote_addr - $remote_user [$time_local] "$_request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server {
location /login {
# `set` is provided by the Rewrite module
set $filter "password|secret";
set_by_lua $_request '
local filt = ngx.arg[1]
local req = ngx.arg[2]
return ngx.re.gsub(req, "((" .. filt .. ")=)[^&]+", "$1-FILTERED-")
' $filter $request;
access_log logs/access.log filt;
# ...
}
}
}
@deltheil
Copy link
Author

Thanks for this alternative!

@ricardograca
Copy link

The above alternative from @Rockes won't work because you can't have log_format directives inside location blocks. It can only exist inside http blocks.

@anxo-outeiral
Copy link

Hi! This works for me: https://serverfault.com/questions/1046249/exclude-a-specific-query-parameter-from-being-logged-in-nginx

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment