NGINX: Obfuscate password in access_log

问题

The bounty expires in 2 days. Answers to this question are eligible for a +50 reputation bounty. Jon Mitten is looking for a canonical answer: “This is a common requirement for cloud debugging, and the regex pattern would be very valuable.”

I want to log the $request_body in the access logs.

But some of the requests have some JSON fields that are sensitive like passwords.

Example:

[2019-03-28] 201 - POST /api/user/add HTTP/1.1 - {\x22email\x22:\x22test@test.com\x22,\x22password\x22:\x22myPassword\x22}

Is there a way to obfuscate the password value so the output would look something like this:

[2019-03-28] 201 - POST /api/user/add HTTP/1.1 - {\x22email\x22:\x22test@test.com\x22,\x22password\x22:\x22****\x22}

回答1:

Look at this blog which talks about masking user data for logs: https://www.nginx.com/blog/data-masking-user-privacy-nginscript/

来源：https://stackoverflow.com/questions/55396459/nginx-obfuscate-password-in-access-log