从Rails日志中过滤部分或全部请求URL [英] Filtering parts or all of request URL from rails logs
问题描述
如果您有一个JSONP API,则URL中可能存在一些敏感信息。有没有一种方法可以从日志中过滤请求的URLS?
解决方案 是让它在Rails 2.x〜> 3.0上工作的方法。从Rails 3.1开始,如果你设置 config.filter_parameters
,Rails也会过滤掉查询字符串中的敏感参数。详情请参阅此提交。
我认为在这种情况下,您需要在 complete_request_uri .com / rails / rails / blob / bfe032858077bb2946abe25e95e485ba6da86bd5 / actionpack / lib / action_controller / base.rb#L1384rel =nofollow noreferrer> ActionController :: Base ,因为 ActionController :: Benchmarking 调用该方法并打印如下所示的行:/ p>
完成于171ms(查看:35,DB:7)| 200 OK [http:// localhost:3000 /]
重写这个方法
pre code> class ActionController :: Base
private
def complete_request_uri
#{request.protocol}#{request.host}#{request.request_uri.gsub(/ secret =([a-z0-9] +)/ i,secret = [FILTERTED])}
end
end
请注意,您需要使用正则表达式来玩一下它取代你想要的部分。
Rails provides filter_parameter_logging to filter sensitive parameters from the rails log.
If you have a a JSONP API, some sensitive information could be present in the URL. Is there a way to filter request URLS from the log also?
Note: The answer here was the way to get it work on Rails 2.x ~> 3.0. Starting from Rails 3.1, if you set config.filter_parameters
, Rails will filter out the sensitive parameter in the query string as well. See this commit for more detail.
I think in that case, you need to override complete_request_uri
in ActionController::Base, since ActionController::Benchmarking calls that method and prints the line that looks like:
Completed in 171ms (View: 35, DB: 7) | 200 OK [http://localhost:3000/]
I think you can put this in initializer to override this method
class ActionController::Base
private
def complete_request_uri
"#{request.protocol}#{request.host}#{request.request_uri.gsub(/secret=([a-z0-9]+)/i, "secret=[FILTERTED]")}"
end
end
Note that you need to play a bit with regular expression to make it substitute the portion you wanted.
这篇关于从Rails日志中过滤部分或全部请求URL的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!