Nishal_Rai
Apr 15, 2024Cirrocumulus
Can iRule mask the payload content on event logs of security
Hello Everyone,
Is it possible to mask the certain value of the request on the Application Security > Event Logs using iRule,
Since the application "Content-Type: application/octet-stream" and the payload consists some sensitive information of the user which are not associated with any parameters in the payload.
The requested URL is "/api/v1/client/client-auth/login" and I want to mask the content after first value (which is a cell number and follows a pattern) till the 15 characters, regardless of the character used.
The payload sample:
9844445555 password@123
I tried with a below iRule script but the application stopped working:
when HTTP_REQUEST { if { [HTTP::uri] equals "/api/v1/client/client-auth/login" && [HTTP::header "Content-Type"] equals "application/octet-stream" } { set payload [TCP::payload] set pattern {(\d+).*?} if {[regexp -indices $pattern $payload match_indices]} { foreach {start_index end_index} $match_indices { set dynamic_length [expr {$end_index - $start_index - 10}] ; set masked_part [string repeat "*" $dynamic_length] set masked_payload [string replace $payload [expr $start_index] [expr $end_index - 1] $masked_part] set payload $masked_payload } TCP::payload replace 0 [string length $payload] $payload } } }