With our Node.js APM agent, you can obfuscate URLs in distributed traces and transaction traces using a regex pattern to protect sensitive data. This feature is available in the Node.js agent v9.9.0+.
Enable URL obfuscation
To enable URL obfuscation, add the following snippet to your agent configuration:
url_obfuscation: { enabled: true, regex: { pattern: '{your regex pattern}', flags: '{regex flags}'}', replacement: '{replacement string}' }}Or using environment variables:
$NEW_RELIC_URL_OBFUSCATION_ENABLED=true$NEW_RELIC_URL_OBFUSCATION_REGEX_PATTERN={your regex pattern}$NEW_RELIC_URL_OBFUSCATION_REGEX_FLAGS={regex flags}$NEW_RELIC_URL_OBFUSCATION_REGEX_REPLACEMENT={replacement string}Flags are optional. If you don’t specify them, the agent won’t use them.
Although we recommend using a replacement pattern, using a replacement pattern is optional. If you don’t specify it, the agent will use the default replacement pattern, which is an empty string ('').
Example configuration
url_obfuscation: { enabled: true, regex: { pattern: /(\/api\/v1\/users\/)([\d]+)(\/.*$)/, flags: "i", replacement: '$1<DNT>**$3' }}This configuration will obfuscate URLs that match an example url of /api/v1/users/12345456/edit and replace all the digits in the middle of the URL with **</DNT> (two asterisks). The resulting URL will be /api/v1/users/**/edit.
Example configuration with environment variables
$NEW_RELIC_URL_OBFUSCATION_ENABLED=true$NEW_RELIC_URL_OBFUSCATION_REGEX_PATTERN=(/api/v1/users/)([\d]+)(/.*$)$NEW_RELIC_URL_OBFUSCATION_REGEX_FLAGS=i$NEW_RELIC_URL_OBFUSCATION_REGEX_REPLACEMENT=$1**$3Obfuscation rules
The agent will obfuscate URLs that match the regex pattern you provide. The agent will not obfuscate URLs that don’t match the regex pattern. If you don’t provide a regex pattern, the agent will not obfuscate any URLs. If you don’t provide a replacement pattern, the agent will replace the matched pattern with an empty string. If you don’t provide any flags, the agent will not use any flags.