如何在生产中防止Ocp-Apim-Trace:true和ocp-apim-trace-location? [英] How to prevent Ocp-Apim-Trace: true and ocp-apim-trace-location in production?

问题描述

我理解当请求包含如下所示的Ocp-Apim-Trace: true时:

I underestand that when a request includes Ocp-Apim-Trace: true like below:

GET /api/v1/BotConfig HTTP/1.1
Host: xyz.azure-api.net
Cache-Control: no-cache
Ocp-Apim-Trace: true
Ocp-Apim-Subscription-Key: ••••••••••••••••••••••••••••••••

API管理添加了ocp-apim-trace-location标头:

The API Management adds ocp-apim-trace-location header:

ocp-apim-trace-location: https://womewhere.blob.core.windows.net/apiinspectorcontainer/Hin6_SGFT-some-parameters

这显然是一个安全探针，我敢肯定我遗漏了一点.

This is obviously a security probelm and I am sure I am missing a point.

为API Management开发人员启用ocp-apim-trace-location的机制是什么，但请确保对公共服务使用者禁用ocp-apim-trace-location?

What is the mechanism to enable ocp-apim-trace-location for API Management developers, but make sure it is disabled for public service consumers?

推荐答案

跟踪位置(响应标头中的 ocp-apim-trace-location )仅适用于管理员帐户.对于非管理员帐户或没有订阅密钥的情况，不会收集跟踪.

Trace location (ocp-apim-trace-location in response header) is available only for admin accounts. For non-admin accounts or when there is no subscription key the traces aren't collected.

这篇关于如何在生产中防止Ocp-Apim-Trace:true和ocp-apim-trace-location?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！