OpenResty:匿名查询参数
OpenResty: Anonymise query parameter
我正在尝试匿名化电子邮件地址(用 UUID 替换它)以避免将它们作为明文保存在我的 nginx 访问日志中。现在,我只能通过覆盖 OpenResty's nginx.conf 将其替换为 ***** :
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
....
map $request $anonymized_request {
default $request;
~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "?emailAddress=*****"; # $email_address;
}
include /etc/nginx/conf.d/*.conf;
}
当前结果:
# curl http://localhost:8080/?emailAddress=dat@mail.de&attr=hello
127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=*****&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"
预计:
127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=a556c480-3188-5181-8e9c-7ce4e391c1de&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"
请问,是否可以将 email_address 变量传递给将其转换为 UUID 的脚本?或者,我们如何使用 log_by_lua_block?
获得相同的日志格式
可能这不是一个完全确定的方法,但 this is the first Lua UUID generation function I found trough google (all credits goes to Jacob Rus)。我稍微修改了此函数以使其使用随机化器种子,因此它将始终为相同的电子邮件地址生成相同的 UUID。您可以将其重写为更适合您需要的任何内容,这只是想法:
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
...
map $request $anonymized_request {
default $request;
~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "?emailAddress=$uuid"; # $email_address;
}
...
server {
...
set $uuid '';
log_by_lua_block {
local function uuid(seed)
math.randomseed(seed)
local template ='xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'
return string.gsub(template, '[xy]', function (c)
local v = (c == 'x') and math.random(0, 0xf) or math.random(8, 0xb)
return string.format('%x', v)
end)
end
local email = ngx.var.arg_emailAddress
if email == nil then email = '' end
-- get CRC32 of 'email' query parameter for using it as a seed for lua randomizer
-- using https://github.com/openresty/lua-nginx-module#ngxcrc32_short
-- this will allow to always generate the same UUID for each unique email address
local seed = ngx.crc32_short(email)
ngx.var.uuid = uuid(seed)
}
}
}
我正在尝试匿名化电子邮件地址(用 UUID 替换它)以避免将它们作为明文保存在我的 nginx 访问日志中。现在,我只能通过覆盖 OpenResty's nginx.conf 将其替换为 ***** :
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
....
map $request $anonymized_request {
default $request;
~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "?emailAddress=*****"; # $email_address;
}
include /etc/nginx/conf.d/*.conf;
}
当前结果:
# curl http://localhost:8080/?emailAddress=dat@mail.de&attr=hello
127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=*****&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"
预计:
127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=a556c480-3188-5181-8e9c-7ce4e391c1de&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"
请问,是否可以将 email_address 变量传递给将其转换为 UUID 的脚本?或者,我们如何使用 log_by_lua_block?
可能这不是一个完全确定的方法,但 this is the first Lua UUID generation function I found trough google (all credits goes to Jacob Rus)。我稍微修改了此函数以使其使用随机化器种子,因此它将始终为相同的电子邮件地址生成相同的 UUID。您可以将其重写为更适合您需要的任何内容,这只是想法:
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
...
map $request $anonymized_request {
default $request;
~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "?emailAddress=$uuid"; # $email_address;
}
...
server {
...
set $uuid '';
log_by_lua_block {
local function uuid(seed)
math.randomseed(seed)
local template ='xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'
return string.gsub(template, '[xy]', function (c)
local v = (c == 'x') and math.random(0, 0xf) or math.random(8, 0xb)
return string.format('%x', v)
end)
end
local email = ngx.var.arg_emailAddress
if email == nil then email = '' end
-- get CRC32 of 'email' query parameter for using it as a seed for lua randomizer
-- using https://github.com/openresty/lua-nginx-module#ngxcrc32_short
-- this will allow to always generate the same UUID for each unique email address
local seed = ngx.crc32_short(email)
ngx.var.uuid = uuid(seed)
}
}
}