I *think* you're going to have to fully construct your logging format with a whitelist of params you want, rather than an exclusion list. I'm not sure you can scope this by HTTP method, however.
Given your use of this as a forward proxy, I assume you could scope it by Host header ... but that *might* require a double pass through haproxy, with an "abns@" style listener containing the logging format configuration. HTH, J On Tue, 13 Mar 2018 at 12:51, Dave Cottlehuber <[email protected]> wrote: > Hi, > > I'm using haproxy to handle TLS termination to a 3rd party API that > requires authentication (username/password) to be passed as query > parameters to a GET call. > > I want to log the request as usual, just not all the query parameters. > Obviously for a POST the parameters would not be logged at all, but is it > possible to teach haproxy to exclude one specific query parameters on a GET > request? > > the request: > > GET /api?username=seriously&password=ohnoes&command=locate&item=chocolat > > desired log something like: > > GET /api?username=seriously&command=locate&item=chocolat > > I can do this downstream in rsyslog but I'd prefer to cleanse the urls up > front. > > A+ > Dave > > -- Jonathan Matthews London, UK http://www.jpluscplusm.com/contact.html
