
How to prevent ${aspnet-request-posted-body} to not log sensitive info

I am using ${aspnet-request-post-body} to log the request body in the log file. The problem I am facing: I want to prevent ${aspnet-request-post-body} from logging some info, i.e. passwords and credit card details, and I would like to apply masking to them.

For example, if the request body is {username : ABC, password :554&3}, this should be logged in this format: {username: ABC, password : ****}

Please note I have already tried the replace layout for this problem and don't want to use it. Is there any other way to do this task?

The ${aspnet-request-post-body} is only text for NLog.

So you have the following options:

  • replace all stuff (with a regex): example of config with replace all:

     <variable name="messageNoDigits" value="${replace:inner=${message}:searchFor=(\\d{3\})+:replaceWith=:regex=true}" />
  • write your own custom layout renderer that parses the body as JSON and transforms it. Please note that reading the body in ASP.NET Core could be a bit tricky, see the current code in NLog for it. If you have the code for reading/transforming the body, it could be easily converted to an NLog layout renderer:

     using NLog.Web.LayoutRenderers;

     // register ${SanitizedBody}
     AspNetLayoutRendererBase.Register("SanitizedBody", (logEventInfo, httpContext, loggingConfiguration) => MyMethod(httpContext));

    See https://github.com/NLog/NLog/wiki/How-to-write-a-custom-layout-renderer
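
The JSON-masking step that the answer's second option describes, as an added example that is not part of the original answer or NLog's own code. It assumes .NET 6 or later (System.Text.Json.Nodes); the class name BodySanitizer and the list of sensitive field names are hypothetical, and reading the body text from the HttpContext is left to the caller.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using System.Text.Json.Nodes;

// Hypothetical helper: the transformation a custom layout renderer would apply
// to the request body text before it reaches the log target.
public static class BodySanitizer
{
    // Assumed field names; extend to match your own request models.
    private static readonly HashSet<string> SensitiveKeys =
        new(StringComparer.OrdinalIgnoreCase) { "password", "creditCard", "cardNumber", "cvv" };

    public static string Sanitize(string body)
    {
        if (string.IsNullOrWhiteSpace(body)) return string.Empty;
        try
        {
            JsonNode? root = JsonNode.Parse(body);
            Mask(root);
            return root?.ToJsonString() ?? "null";
        }
        catch (JsonException)
        {
            // Fail closed: an unparseable body may still contain secrets,
            // so it is never written to the log as-is.
            return "[body omitted: not valid JSON]";
        }
    }

    private static void Mask(JsonNode? node)
    {
        if (node is JsonObject obj)
        {
            // Snapshot the keys because the object is modified while walking it.
            foreach (string key in obj.Select(p => p.Key).ToList())
            {
                if (SensitiveKeys.Contains(key)) obj[key] = "****";
                else Mask(obj[key]); // recurse into nested objects and arrays
            }
        }
        else if (node is JsonArray arr)
        {
            foreach (JsonNode? item in arr) Mask(item);
        }
    }
}
```

A deny-list only masks the field names it knows, so review it whenever a request model gains a new secret-bearing field.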
