Add a Sensitive URL Filter

  1. Edit the appdynamics_agent.conf configuration file in the path:
    CODE 
    <path_to_webserver_dir>/conf/appdynamics_agent.conf
  2. In the appdynamics_agent.conf file, configure the following settings:
    • AppDynamicsDelimiter: Specify the character that you want to use as URL segment endpoints. The agent splices the URL at each delimiter instance to create the segments. For HTTP, use the forward slash character "/". For the forward slash, the agent does not split on the slashes immediately following the protocol. For example, "https://myapp.example.com/" constitutes a single segment. By default, the delimiter is "/" but this is REQUIRED for successful filtering.

      For example:

      CODE 
      AppDynamicsDelimiter /

      Note that #’ cannot be used as a delimiter as the configuration file cannot process it.

    • AppDynamicsSegment: Specify a comma-separated list to indicate the segments that you want the agent to filter. Segment numbering starts from 1. If you specify 0 or negative values, the agent fails to redact the segments. This attribute is REQUIRED.

      For example:

      CODE 
      AppDynamicsSegment 2,3
    • AppDynamicsMatchfilter: The type of filter to be used to match the URL amongst the following: NOT_EMPTY|EQUALS|STARTSWITH|ENDSWITH|CONTAINS|REGEX. Default is NOT_EMPTY, but REQUIRED.

      For using this correctly, query parameters should not be considered for match-filtering. With an example of the call "https://myapp.example.com/sensitive/data?first_name=abc&last_name=xyz", to specify match-filter as STARTSWITH, it matches a specified string starting with the hostname “myapp.example.com” in this case. Similarly for ENDSWITH, it will correspond to the last segment leaving out the query parameters, “data” in this case, as query parameters are never reported in the snapshots.

      For example:

      CODE 
      AppDynamicsMatchfilter CONTAINS
    • AppDynamicsMatchpattern: Specify the string that you want to be filtered with the match-filter. This attribute is REQUIRED.

      For example:

      CODE 
      AppDynamicsMatchpattern one

      For example, the following configuration splits the URL on the "/" character and masks the third and fifth segments of the URL. In this case, the segmentation and obfuscation apply only to URLs containing "myapp":

      CODE 
      AppDynamicsDelimiter /
AppDynamicsSegment 3,5
AppDynamicsMatchfilter CONTAINS
AppDynamicsMatchpattern myapp

      The exit call to "https://myapp.example.com/customer/customerid/account/accountid/data?first_name=abc&last_name=xyz" breaks down to six segments: "https://myapp.example.com", "customer", "customerid", “account”, “accountid” and "data?first_name=abc&last_name=xyz". The Controller shows the masked values of the URL: “ /customer/*****/account/*****/data” in the snapshot details. "https://myapp.example.com" corresponds to segment number 1 and so on.

      As the query parameters are never sent to the controller, so they are not filtered. In the transaction snapshots, the URLs are sent by default without the query parameters but now after masking the corresponding URL segments.