posted on Wednesday, July 27, 2005 10:40 AM
Want to secure your site from accidentally exposing Social Security Numbers? No problem says the iRules team. This example will show how to, for a given class of uri's, scrub the SSN's from response content replacing them with the blanket "xxx-xx-xxxx" string.
class scrub_uris {
"/cgi-bin",
"/account"
}
when HTTP_REQUEST {
if { [matchclass [HTTP::uri] starts_with $::scrub_uris] } {
set scrub_content 1
# Don't allow data to be chunked
if { [HTTP::version] eq "1.1" } {
if { [HTTP::header is_keepalive] } {
HTTP::header replace "Connection" "Keep-Alive"
}
HTTP::version "1.0"
}
} else {
set scrub_content 0
}
}
when HTTP_RESPONSE {
if { $scrub_content } {
if { [HTTP::header exists "Content-Length"] } {
set content_length [HTTP::header "Content-Length"]
} else {
set content_length 4294967295
}
if { $content_length > 0 } {
HTTP::collect $content_length
}
}
}
when HTTP_RESPONSE_DATA {
# Find the SSN numbers
set ssn_indices [regexp -all -inline -indices {\d{3}-\d{2}-\d{4}} [HTTP::payload]]
# Scrub the SSN's from the response
foreach ssn_idx $ssn_indices {
set ssn_start [lindex $ssn_idx 0]
set ssn_len [expr {[lindex $ssn_idx 1] - $ssn_start + 1}]
HTTP::payload replace $ssn_start $ssn_len "xxx-xx-xxxx"
}
}
Click
here for the forum thread.
-Joe
