From f137b82227f7b32b2ca036a89068c806a29a5ac7 Mon Sep 17 00:00:00 2001 From: Aaron Taylor Date: Fri, 12 Mar 2021 15:01:34 -0500 Subject: logging: add replace filter for static value replacement (#4029) This filter is intended to be useful in scenarios where you may want to redact a value with a static string, giving you information that the field did previously exist and was present, but not revealing the value itself in the logs. This was inspired by work on adding more complete support for removing sensitive values from logs [1]. An example use case would be the Authorization header in request log output, for which the value should usually not be logged, but it may be quite useful for debugging to confirm that the header was present in the request. [1] https://github.com/caddyserver/caddy/issues/3958 --- caddytest/integration/caddyfile_adapt/log_filters.txt | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'caddytest/integration/caddyfile_adapt') diff --git a/caddytest/integration/caddyfile_adapt/log_filters.txt b/caddytest/integration/caddyfile_adapt/log_filters.txt index ab11807..0949c1d 100644 --- a/caddytest/integration/caddyfile_adapt/log_filters.txt +++ b/caddytest/integration/caddyfile_adapt/log_filters.txt @@ -5,7 +5,7 @@ log { format filter { wrap console fields { - request>headers>Authorization delete + request>headers>Authorization replace REDACTED request>headers>Server delete request>remote_addr ip_mask { ipv4 24 @@ -30,7 +30,8 @@ log { "encoder": { "fields": { "request\u003eheaders\u003eAuthorization": { - "filter": "delete" + "filter": "replace", + "value": "REDACTED" }, "request\u003eheaders\u003eServer": { "filter": "delete" @@ -66,4 +67,4 @@ log { } } } -} \ No newline at end of file +} -- cgit v1.2.3