Problem description
In our logs we're seeing credit-card numbers due to people hitting some of the URLs in our app with CC info (I have no idea why they are doing this). We want to sanitize this information (because of PCI considerations) and not even persist it to disk.
Hence, I want to be able to sanitize the log entry before it hits the log file. I've been looking at Tomcat Valves (Access Log Valve). Is this the way to go?
Recommended answer
I was able to solve this problem by extending AccessLogValve and overriding public log(java.lang.String message):
package my.valves;

import java.util.regex.Matcher;
import java.util.regex.Pattern;

import org.apache.catalina.valves.AccessLogValve;

public class SanitizedAccessLogValve extends AccessLogValve {

    // Matches unseparated card numbers of the major brands
    // (Visa, MasterCard, Discover, American Express, Diners Club, JCB).
    private static final Pattern pattern = Pattern.compile("\\b(?:4[0-9]{12}(?:[0-9]{3})?|5[1-5][0-9]{14}|6(?:011|5[0-9][0-9])[0-9]{12}|3[47][0-9]{13}|3(?:0[0-5]|[68][0-9])[0-9]{11}|(?:2131|1800|35\\d{3})\\d{11})\\b");

    /* This method will sanitize any cc numbers in the string and replace them with x's */
    private String sanitize(String string) {
        String sanitizedString = string;
        if (string != null) {
            StringBuffer buffer = new StringBuffer();
            Matcher matcher = pattern.matcher(string);
            while (matcher.find()) {
                // Replace every match with a fixed-width mask.
                matcher.appendReplacement(buffer, "xxxxxxxxxxxxxxxx");
            }
            matcher.appendTail(buffer);
            sanitizedString = buffer.toString();
        }
        return sanitizedString;
    }

    // Every access-log line passes through sanitize() before it is written.
    @Override
    public void log(String message) {
        super.log(sanitize(message));
    }
}
You need to compile this into a jar, and then put that jar file in $CATALINA_HOME/lib.
Then in your server.xml:
<Valve className="my.valves.SanitizedAccessLogValve" directory="access_logs" prefix="localhost." suffix=".log" pattern='%v %h %t "%r" %s %B %T "%{User-Agent}i"'/>
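An added example, not part of the original answer: a stand-alone sanitizer that also catches hyphen-separated numbers and masks a digit run only when it passes the Luhn checksum, so ordinary long identifiers stay readable. The class name LuhnLogSanitizer, the mask and the sample log lines are constructed for illustration; its sanitize method could be called from the log override shown above.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Hypothetical helper (not from the answer): masks only Luhn-valid card-like numbers.
public class LuhnLogSanitizer {
    // 13 to 19 digits, optionally joined by single hyphens, not adjacent to other digits.
    // A run glued to further digit groups by hyphens is tested as one number.
    private static final Pattern CANDIDATE =
            Pattern.compile("(?<![0-9])[0-9](?:-?[0-9]){12,18}(?![0-9])");
    private static final String MASK = "xxxxxxxxxxxxxxxx";

    // Luhn checksum over a string of ASCII digits.
    static boolean passesLuhn(String digits) {
        int sum = 0;
        boolean doubleIt = false;
        for (int i = digits.length() - 1; i >= 0; i--) {
            int d = digits.charAt(i) - '0';
            if (doubleIt) {
                d *= 2;
                if (d > 9) d -= 9;
            }
            sum += d;
            doubleIt = !doubleIt;
        }
        return sum % 10 == 0;
    }

    public static String sanitize(String line) {
        if (line == null) return null;
        Matcher m = CANDIDATE.matcher(line);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String digits = m.group().replace("-", "");
            // Mask only when the checksum holds; otherwise keep the matched text unchanged.
            String repl = passesLuhn(digits) ? MASK : Matcher.quoteReplacement(m.group());
            m.appendReplacement(out, repl);
        }
        m.appendTail(out);
        return out.toString();
    }

    public static void main(String[] args) {
        // Constructed access-log lines; 4111111111111111 is a widely used Visa test number.
        String[] samples = {
            "localhost 203.0.113.7 \"GET /pay?cc=4111111111111111 HTTP/1.1\" 200 512",
            "localhost 203.0.113.7 \"GET /pay?cc=4111-1111-1111-1111 HTTP/1.1\" 200 512",
            "localhost 203.0.113.7 \"GET /order?id=1234567890123456 HTTP/1.1\" 200 512"
        };
        for (String s : samples) System.out.println(sanitize(s));
    }
}
```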