I *think* you're going to have to fully construct your logging format with
a whitelist of params you want, rather than an exclusion list. I'm not sure
you can scope this by HTTP method, however.

Given your use of this as a forward proxy, I assume you could scope it by
Host header ... but that *might* require a double pass through haproxy,
with an "abns@" style listener containing the logging format configuration.


On Tue, 13 Mar 2018 at 12:51, Dave Cottlehuber <d...@skunkwerks.at> wrote:

> Hi,
> I'm using haproxy to handle TLS termination to a 3rd party API that
> requires authentication (username/password) to be passed as query
> parameters to a GET call.
> I want to log the request as usual, just not all the query parameters.
> Obviously for a POST the parameters would not be logged at all, but is it
> possible to teach haproxy to exclude one specific query parameters on a GET
> request?
> the request:
> GET /api?username=seriously&password=ohnoes&command=locate&item=chocolat
> desired log something like:
> GET /api?username=seriously&command=locate&item=chocolat
> I can do this downstream in rsyslog but I'd prefer to cleanse the urls up
> front.
> A+
> Dave
> --
Jonathan Matthews
London, UK

Reply via email to