- Edit the PHP configuration file,
php.ini or appdynamics_agent.ini depending on your environment.
- In the PHP configuration file, configure the following settings.
If a value in the ini file for any of the following config contains any non-alphanumeric characters, it must be enclosed within double-quotes (") as per the PHP guidelines.
- Config Delimiter: Specify the character that you want to use as the configuration delimiter for the sensitive data filter for redaction. The config delimiter must be chosen such that it should not occur in the redaction config strings. This value is REQUIRED.
For example:
agent.sensitive_data_filter.configDelimiter = "|"
- URL Delimiter: Specify the character that you want to use as URL segment endpoints. The agent splits the URL at each delimiter instance to create the segments. For HTTP, use the forward-slash character "/". For a forward slash, the agent does not split on the slashes immediately following the protocol. For example, "https://myapp.example.com/" constitutes a single segment. By default, the delimiter is "/" but this is REQUIRED for successful redaction.
For example:
agent.sensitive_data_filter.delimiter = "/"
Note: '#' and ';' cannot be used as a delimiter or configDelimiter because the ini file considers it as a comment.
- Segment: Specify a comma-separated list to indicate the segments that you want the agent to filter. Segment numbering starts from 1 and providing 0 or negative value fails to redact the segments with an error message in the agent logs. The segment numbers must be in the ascending order. This value is REQUIRED.
For example:
agent.sensitive_data_filter.segment = "2,3"
- Matchfilter: Specify the type of filter to be used to match the URL among - NOT_EMPTY|EQUALS|STARTSWITH|ENDSWITH|CONTAINS|REGEX. PERL standard must be followed if REGEX is used. The value is REQUIRED.
For using this correctly, query parameters must not be considered for match-filtering. With an example of the call "https://myapp.example.com/sensitive/data?first_name=abc&last_name=xyz", to specify match-filter as STARTSWITH, it matches a specified string starting with the hostname "https://myapp.example.com" in this example. If the URL contains the port in the hostname, it must be present in the config string. Similarly for ENDSWITH, it will correspond to the last segment leaving out the query parameters, "data" in this case, as query parameters are never reported in the snapshots.
For example,
agent.sensitive_data_filter.matchPattern = "myapp"
- ParamPattern: Specify the regular expression matching the query parameters to filter. PERL Standard should be followed for the regular expression. This value is OPTIONAL.
agent.sensitive_data_filter.paramMatcher = "[a-z]+_name"
For example, the following configuration splits the URL on the "/" character and masks the second segment and the
ParamPattern in the third segment of the URL. Here, the segmentation and obfuscation apply only to URLs containing "myapp".
agent.sensitive_data_filter.configDelimiter = "|"
agent.sensitive_data_filter.delimiter = "/"
agent.sensitive_data_filter.segment = "2"
agent.sensitive_data_filter.matchFilter = "CONTAINS"
agent.sensitive_data_filter.matchPattern = "myapp"
agent.sensitive_data_filter.paramMatcher = "[a-z]+_name"
The exit call to "https://myapp.example.com/sensitive/data?first_name=abc&last_name=xyz" breaks down to three segments: "https://myapp.example.com", "sensitive", and "data?first_name=abc&last_name=xyz". The Controller shows the masked values of the URL and the param-pattern display "https://myapp.example.com/*****/data?first_name=***&last_name=***" in the snapshot details.
If you do not use any values for the query parameters, the Controller does not mask any query parameters in the URL.