Add Sensitive Data Filter for Cookies
You can use sensitive Cookie filters to configure the agent to obfuscate sensitive information from the URLs in transaction snapshot details.
- Edit the Apache Agent configuration file:
- Add sensitive cookie filter element as directives:
AppDynamicsMaskCookie:Specify if filtering is enabled or not. Set it
ONfor cookie filtering to be enabled. Default value is
AppDynamicsCookieMatchPattern: Specify the pattern that when matched, filters value of that cookie
- Enabling AppDynamicsMaskCookie masks values of all the cookies associated with the given request. To filter selective cookies, set the following:
AppDynamicsCookieMatchPatternand provide the full name of the cookie whose value needs to be masked as
A substring of a cookie name does not mask any value in the transaction snapshot. Ensure that you enter the Full name of the cookie for this directive
- For masking multiple cookies values simultaneously, provide names of all those cookies separated by '|' as a single string as follows:
If ‘|’ is present in the cookie name itself, the agent cannot mask those cookies as ‘|’ is used as a name separator in
Add Sensitive Data Filter for the SM_USER
You can use SM_USER filter to configure the agent to obfuscate sensitive information from the URLs in transaction snapshot details.
Edit the Apache Agent configuration file:
Add sensitive SM_USER filter element as directive:
AppDynamicsMaskSmUser:Specify if filtering is enabled or not. Set it
ONfor sm_user filtering to be enabled. Default value is
Enabling this masks the values of all the SM_USER associated with the given request.
Filter Certain URL Segments or Query Parameters
By default, the AppDynamics Apache Agent sends transaction data to the Controller that your organization may classify as privileged information. Although such data is useful for diagnosis and troubleshooting, security considerations may require you to filter certain sensitive information from view in the Controller. You can use
Sensitive URL filters to exclude sensitive information from a URL in snapshot details.
Add a Sensitive URL Filter
- Edit the
appdynamics_agent.confconfiguration file in the path:
- In the
appdynamics_agent.conffile, configure the following settings:
AppDynamicsDelimiter: Specify the character that you want to use as URL segment endpoints. The agent splices the URL at each delimiter instance to create the segments. For HTTP, use the forward slash character "/". For the forward slash, the agent does not split on the slashes immediately following the protocol. For example, " " constitutes a single segment. By default, the delimiter is "/" but this is REQUIRED for successful filtering.
Note that #’ cannot be used as a delimiter as the configuration file cannot process it.
AppDynamicsSegment: Specify a comma-separated list to indicate the segments that you want the agent to filter. Segment numbering starts from 1. If you specify 0 or negative values, the agent fails to redact the segments. This attribute is REQUIRED.
AppDynamicsMatchfilter: The type of filter to be used to match the URL amongst the following:
NOT_EMPTY|EQUALS|STARTSWITH|ENDSWITH|CONTAINS|REGEX. Default is
For using this correctly, query parameters should not be considered for match-filtering. With an example of the call ", to specify match-filter as STARTSWITH, it matches a specified string starting with the hostname “myapp.example.com” in this case. Similarly for ENDSWITH, it will correspond to the last segment leaving out the query parameters, “data” in this case, as query parameters are never reported in the snapshots.
AppDynamicsMatchpattern: Specify the string that you want to be filtered with the match-filter. This attribute is REQUIRED.
For example, the following configuration splits the URL on the "/" character and masks the third and fifth segments of the URL. In this case, the segmentation and obfuscation apply only to URLs containing "myapp":
The exit call to " breaks down to six segments: "", "customer", "customerid", “account”, “accountid” and "data?first_name=abc&last_name=xyz". The Controller shows the masked values of the URL: “ /customer/*****/account/*****/data” in the snapshot details. "" corresponds to segment number 1 and so on.
As the query parameters are never sent to the controller, so they are not filtered. In the transaction snapshots, the URLs are sent by default without the query parameters but now after masking the corresponding URL segments.
Filtering multiple URLs
Due to the limitations of the Apache configurations, if you want to filter multiple URLs separately, the arguments need to be written with '|' separated as described below:
Each ‘|’ separated values correspond to an additional URL filter added. For ‘n’ number of separate URL filters, you need to have ‘n’ different ‘I’ configurations correspondingly. These filters behave independently on the URLs and will filter based on the configurations specified for each filter.
You must define all the configuration settings, though the configurations assume the default values. If you miss defining a particular setting in case of multiple filtering, the filtering fails.