Forum Discussion

Abhi_001's avatar
Abhi_001
Icon for Nimbostratus rankNimbostratus
Aug 29, 2023
Solved

Help with iRule to mask/hide User Personal Information in HTTP Response

I am trying to create iRule to mask or entirely hide the User Personal Information in HTTP Response

Below is the sample HTTP response -:

 

 

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/xml; charset=utf-8
Date: Tue, 29 Aug 2023 02:51:06 GMT
Connection: close
Content-Length: 3235
Set-Cookie: TS01e69e3b=01b0a4a8b4102ce46022963e6b7400bdfb4d0efb2fe21a605d9bcde499a388317e514653a99ef47946192ae33bd0f8037cbdb56cce; Path=/


<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope
	xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:xsd="http://www.w3.org/2001/XMLSchema">
	<soap:Body>
		<GetUserInfoResponse
			xmlns="http://GatewayUserUpdateService.org/">
			<GetUserInfoResult>
				<UserInfo
					xmlns="http://www.testtech.com/">
					<UserId
						xmlns="">110032865
					</UserId>
					<Title
						xmlns="">Mr.
					</Title>
					<LastName
						xmlns="">Test1
					</LastName>
					<FirstName
						xmlns="">Test2
					</FirstName>
					<MiddleInitial
						xmlns="">
					</MiddleInitial>
					<MiddleName
						xmlns="">
					</MiddleName>
					<DisplayName
						xmlns="">Test1 Test2
					</DisplayName>
					<Nickname
						xmlns="">
					</Nickname>
					<LastName2
						xmlns="">
					</LastName2>
					<AltName
						xmlns="">
					</AltName>
					<IsInactive
						xmlns="">False
					</IsInactive>
					<UserAddress
						xmlns="" />
						<UserIdentity
							xmlns="">
							<Identity>
								<IDIndex>1</IDIndex>
								<UserIdentity>Test84846</UserIdentity>
								<IssueDt>4/20/2019</IssueDt>
								<ExpireDt>4/20/2029</ExpireDt>
								<IdentCode>PAS</IdentCode>
								<IssueDt_ENC>2019-04-20</IssueDt_ENC>
								<ExpireDt_ENC>2029-04-20</ExpireDt_ENC>
							</Identity>
							<Identity>
								<IDIndex>2</IDIndex>
								<UserIdentity>g11245562</UserIdentity>
								<IssueDt>5/20/2020</IssueDt>
								<ExpireDt>5/20/2030</ExpireDt>
								<IdentCode>DID</IdentCode>
								<IssueDt_ENC>2020-05-20</IssueDt_ENC>
								<ExpireDt_ENC>2030-05-20</ExpireDt_ENC>
							</Identity>
						</UserIdentity>
						<UserAttribute
							xmlns="">
							<Attribute>
								<BirthDt>3/4/1980</BirthDt>
								<WeddingDate></WeddingDate>
								<Smoker>False</Smoker>
								<Sex>True</Sex>
								<Marital>0</Marital>
								<Height></Height>
								<Weight></Weight>
								<Eyes></Eyes>
								<Hair></Hair>
								<CitizenshipCountryId>3</CitizenshipCountryId>
								<Beverage></Beverage>
								<Occupation></Occupation>
								<Ethnicity></Ethnicity>
								<AgeGroup></AgeGroup>
								<HairType></HairType>
								<HairColor></HairColor>
								<Attire></Attire>
								<AttireColor></AttireColor>
								<LanguageCode>ENG</LanguageCode>
								<BirthDt_ENC>1980-03-04</BirthDt_ENC>
								<WeddingDate_ENC></WeddingDate_ENC>
							</Attribute>
						</UserAttribute>
						<UserPhone
							xmlns="">
							<Phone>
								<PhoneNumber>86111231616983</PhoneNumber>
								<ContactType>Mobile</ContactType>
							</Phone>
							<Phone>
								<PhoneNumber>573537357</PhoneNumber>
								<ContactType>Home</ContactType>
							</Phone>
						</UserPhone>
						<UserTest1
							xmlns="" />
						</UserInfo>
					</GetUserInfoResult>
				</GetUserInfoResponse>
			</soap:Body>
		</soap:Envelope>

 

 

 I am trying to hide the content inside tags "UserIdentity", "BirthDt" and "PhoneNumber"

I tried below iRule as test for masking content inside "PhoneNumber" tag-:

 

 

when HTTP_RESPONSE {
    set original_response [HTTP::payload]
    set clen [HTTP::header Content-Length]
}

when HTTP_RESPONSE_DATA {

    regsub -all {<PhoneNumber>(.*?)</PhoneNumber>} $original_response {<PhoneNumber>****</PhoneNumber>} fixeddata
    log "Replacing payload with new data."
    HTTP::payload replace 0 $clen $fixeddata
    HTTP::release

}

 

 

However the response is same as before.

8
security
  • Abhi_001's avatar
    Abhi_001
    Aug 29, 2023

    Got it solved with below iRule code -:

    when HTTP_RESPONSE {
    set clen [HTTP::header Content-Length]
    HTTP::collect $clen
}

when HTTP_RESPONSE_DATA {

    regsub -all {<PhoneNumber>(.*?)</PhoneNumber>} [HTTP::payload] {<PhoneNumber>********</PhoneNumber>} fixeddata
    log "Replacing payload with new data."
    HTTP::payload replace 0 $clen $fixeddata
    HTTP::release

}

2 Replies

Sort By
  • Abhi_001's avatar
    Abhi_001
    Icon for Nimbostratus rankNimbostratus
    Aug 29, 2023

    Got it solved with below iRule code -:

    when HTTP_RESPONSE {
    set clen [HTTP::header Content-Length]
    HTTP::collect $clen
}

when HTTP_RESPONSE_DATA {

    regsub -all {<PhoneNumber>(.*?)</PhoneNumber>} [HTTP::payload] {<PhoneNumber>********</PhoneNumber>} fixeddata
    log "Replacing payload with new data."
    HTTP::payload replace 0 $clen $fixeddata
    HTTP::release

}
    • Mohamed_Ahmed_Kansoh's avatar
      Mohamed_Ahmed_Kansoh
      Icon for MVP rankMVP
      Aug 29, 2023

      Hi Abhi_001 ,
      That's good. 
      Please mark your answer as an accepted solution , to make it easy for F5 users in all over the world to reach to the solution easly at similar cases 🙂