我正在尝试匿名化电子邮件地址(将其替换为 UUID)以避免将它们作为明文保存在我的 nginx 访问日志中。目前,我只能*****
通过覆盖 OpenResty 的 nginx.conf来替换它:
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$anonymized_request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log logs/access.log main;
....
map $request $anonymized_request {
default $request;
~([^\?]*)\?(.*)emailAddress=(?<email_address>[^&]*)(&?)(.*)(\s.*) "$1?$2emailAddress=*****$4$5$6"; # $email_address;
}
include /etc/nginx/conf.d/*.conf;
}
当前结果:
# curl http://localhost:8080/?emailAddress=dat@mail.de&attr=hello
127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=*****&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"
预期的:
127.0. 0.1 - - [24/Jan/2020:11:38:06 +0000] "GET /?emailAddress=a556c480-3188-5181-8e9c-7ce4e391c1de&attr=hello HTTP/1.1" 200 649 "-" "curl/7.64.1" "-"
请问,是否可以将email_address
变量传递给将其转换为 UUID 的脚本?或者,我们如何使用 a 来获得相同的日志格式log_by_lua_block
?