Forum Discussion
irule or ASM Dataguard to mask sensitive data.
- Mar 17, 2019
I think it's just the regex. The documentation says it takes PCRE expressions, but maybe it's slightly different?
I put the string in the custom pattern exactly as it shows up in the response and it masks it:
HTTP/1.1 200 OK Date: Sun, 17 Mar 2019 16:14:09 GMT Last-Modified: Sun, 17 Mar 2019 15:49:08 GMT ETag: "2a-5844c365dbc0c" Accept-Ranges: bytes Content-Length: 42 Content-Type: application/json Set-Cookie: TS01ce3b70=01ab350b1380a1d499b6b31bbd8fd165e9cea5e3b49f3bb2488ec38e985de0fb0f24c3aa51ce1302f1a6ded68aff123b1f26f4d34c; Path=/; HTTPOnly {"some-data": "here"} *******************
Also, I think you'll want to disable blocking in learning and blocking for dataguard information leakage. You'll actually get a block page instead of the masked data if block is set.
Here's an iRule to do that specific string, but it probably wouldn't scale too well if you have a lot of other strings to replace:
when HTTP_REQUEST {
Disable the stream filter for client requests
STREAM::disable
}
when HTTP_RESPONSE {
Disable the stream filter for server responses
STREAM::disable
Enable the stream filter for text responses only
if {[HTTP::header value Content-Type] contains "json"}{
Replace 'old_text' with 'new_text'
STREAM::expression {@{"version":"3.4.4"}@{"version":"x.x.x"}@}
Enable the stream filter
STREAM::enable
}
}
And some testing:
HTTP/1.1 200 OK
Date: Sun, 17 Mar 2019 15:56:18 GMT
Server: Apache/2.4.34 (Unix)
Last-Modified: Sun, 17 Mar 2019 15:49:08 GMT
ETag: "2a-5844c365dbc0c"
Accept-Ranges: bytes
Content-Length: 42
Content-Type: application/json
{"some-data": "here"}
{"version":"3.4.4"}
After the rule is applied:
HTTP/1.1 200 OK
Date: Sun, 17 Mar 2019 15:56:54 GMT
Server: Apache/2.4.34 (Unix)
Last-Modified: Sun, 17 Mar 2019 15:49:08 GMT
ETag: "2a-5844c365dbc0c"
Accept-Ranges: bytes
Content-Type: application/json
Transfer-Encoding: chunked
{"some-data": "here"}
{"version":"x.x.x"}
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com