Nginx OpenResty:匿名查询参数
我正在尝试匿名化电子邮件地址(用UUID替换),以避免在我的nginx访问日志中将其作为明文保存。目前,我只能通过覆盖以下内容将其替换为Nginx OpenResty:匿名查询参数,nginx,nginx-config,openresty,nginx-log,sidecar,Nginx,Nginx Config,Openresty,Nginx Log,Sidecar,我正在尝试匿名化电子邮件地址(用UUID替换),以避免在我的nginx访问日志中将其作为明文保存。目前,我只能通过覆盖以下内容将其替换为****: 预期: 127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=a556c480-3188-5181-8e9c-7ce4e391c1de&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-" 请问,是否可以将email\u
****127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=a556c480-3188-5181-8e9c-7ce4e391c1de&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"
请问,是否可以将
email\u addresshttp {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
...
map $request $anonymized_request {
default $request;
~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "$1?$2emailAddress=$uuid$4$5$6"; # $email_address;
}
...
server {
...
set $uuid '';
log_by_lua_block {
local function uuid(seed)
math.randomseed(seed)
local template ='xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'
return string.gsub(template, '[xy]', function (c)
local v = (c == 'x') and math.random(0, 0xf) or math.random(8, 0xb)
return string.format('%x', v)
end)
end
local email = ngx.var.arg_emailAddress
if email == nil then email = '' end
-- get CRC32 of 'email' query parameter for using it as a seed for lua randomizer
-- using https://github.com/openresty/lua-nginx-module#ngxcrc32_short
-- this will allow to always generate the same UUID for each unique email address
local seed = ngx.crc32_short(email)
ngx.var.uuid = uuid(seed)
}
}
}
http{
包括mime.types;
默认_类型应用程序/八位字节流;
日志格式主“$remote\u addr-$remote\u user[$time\u local]”“$anonymized\u request””
“$status$body\u bytes\u sent”$http\u referer”
“$http_user_agent”“$http_x_forwarded_for””;
access_log logs/access.log main;
...
映射$request$匿名请求{
默认$request;
([^\?]*)\?(.*)电子邮件地址=(?[^&]*)(&?(.*)(\s.*)“$1?$2emailAddress=$uuid$4$5$6”;#$email\u地址;
}
...
服务器{
...
设置$uuid“”;
按块记录{
局部函数uuid(seed)
数学.随机种子(种子)
本地模板='xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxx'
返回字符串.gsub(模板“[xy]”,函数(c)
局部v=(c='x')和math.random(0,0xf)或math.random(8,0xb)
返回字符串。格式('%x',v)
(完)
结束
本地电子邮件=ngx.var.arg\u电子邮件地址
如果email==nil,则email=''结束
--获取“email”查询参数的CRC32,以便将其用作lua随机化器的种子
--使用https://github.com/openresty/lua-nginx-module#ngxcrc32_short
--这将允许始终为每个唯一的电子邮件地址生成相同的UUID
本地seed=ngx.crc32_短(电子邮件)
ngx.var.uuid=uuid(种子)
}
}
}
log\u by\u luaemailAddress的方法,然后使用localseed=ngx.crc32_short(email)ngx.var.uuid=uuid(seed)end127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=a556c480-3188-5181-8e9c-7ce4e391c1de&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
...
map $request $anonymized_request {
default $request;
~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "$1?$2emailAddress=$uuid$4$5$6"; # $email_address;
}
...
server {
...
set $uuid '';
log_by_lua_block {
local function uuid(seed)
math.randomseed(seed)
local template ='xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'
return string.gsub(template, '[xy]', function (c)
local v = (c == 'x') and math.random(0, 0xf) or math.random(8, 0xb)
return string.format('%x', v)
end)
end
local email = ngx.var.arg_emailAddress
if email == nil then email = '' end
-- get CRC32 of 'email' query parameter for using it as a seed for lua randomizer
-- using https://github.com/openresty/lua-nginx-module#ngxcrc32_short
-- this will allow to always generate the same UUID for each unique email address
local seed = ngx.crc32_short(email)
ngx.var.uuid = uuid(seed)
}
}
}