Fitur ini memungkinkan Anda menyembunyikan data sebelum mengirimnya sebagai bagian dari payload analisis. Dengan fitur ini, Apigee menggunakan SHA512 untuk melakukan hashing pada nilai asli sebelum mengirimkan data dari bidang runtime ke bidang kontrol.
Prosedur
Anda dapat menetapkan nilai salt untuk hash dengan properti
axHashSalt
dalam file overrides.yaml
. Properti axHashSalt
menentukan nilai yang digunakan sebagai salt saat menghitung hash SHA512 untuk meng-obfuscate data analisis sensitif. Apigee merekomendasikan penggunaan nilai yang sama di berbagai cluster yang menghosting organisasi Apigee yang sama.
Terapkan nilai dengan diagram apigee-org
dengan perintah berikut:
helm upgrade ORG_NAME apigee-org/ \ --namespace apigee \ --atomic \ -f overrides.yaml
Aktifkan fitur ini untuk setiap lingkungan dengan menetapkan features.analytics.data.obfuscation.enabled
ke
true.
Tidak ada residensi data
curl -v -X PUT \ https://apigee.googleapis.com/v1/organizations/ORG_NAME/environments/ENV_NAME \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $TOKEN" \ -d '{ "name" : "ENV_NAME", "properties" : { "property" : [ { "name" : "features.analytics.data.obfuscation.enabled", "value" : "true" },] } }'
Residensi Data
curl -v -X PUT \ https://CONTROL_PLANE_LOCATION-apigee.googleapis.com/v1/organizations/ORG_NAME/environments/ENV_NAME \ -H "Content-Type: application/json" \ -H "Authorization: Bearer $TOKEN" \ -d '{ "name" : "ENV_NAME", "properties" : { "property" : [ { "name" : "features.analytics.data.obfuscation.enabled", "value" : "true" },] } }'
Dengan mengaktifkan obfuscation, Apigee Hybrid akan melakukan hashing pada kolom berikut dengan SHA512 di bidang runtime sebelum mengirimkan informasi ke backend analisis:
- client_id
- client_ip
- developer_email
- proxy_client_ip
- proxy_pathsuffix
- request_uri
- request_path
- target_basepath
- target_url
- x_forwarded_for_ip
- x-apigee.edge.true_client_ip
- x-apigee.intelligence.client_ip_header
Apigee Hybrid akan melakukan hashing pada nilai dimensi berikut di laporan analisis kustom:
- Client ID
- Alamat IP Klien
- Email Developer
- IP Klien Proxy
- Akhiran Jalur Proxy
- IP Klien Perujuk
- Jalur Permintaan
- URI Permintaan
- IP Klien yang Terselesaikan
- Jalur Dasar Target
- URL Target
- X Diteruskan Untuk
Lihat referensi metrik, dimensi, dan filter Analytics untuk mengetahui deskripsi mendetail tentang dimensi analisis.
Melihat hasil yang di-obfuscate
Hasil yang di-obfuscate akan ditampilkan di dasbor analisis hybrid Apigee. Mungkin perlu waktu beberapa menit sebelum Anda melihat hasil yang di-hash di UI.
Contoh
Contoh berikut menunjukkan data sebelum dan sesudah obfuscation:
// JSON data sent to AX before obfuscating { "proxy_basepath":"/APP_NAME", "x-apigee.edge.execution.stats.request_flow_endtimestamp":1582770652814, "apiproxy":"APP_NAME", "x-apigee.edge.is_policy_error":0, "client_sent_start_timestamp":1582770652817, "x-apigee.edge.is_target_error":0, "client_received_start_timestamp":1582770652813, "client_ip":"10.10.0.99", "is_error":false, "x-apigee.edge.stats.steps":"{\"JS1.0\":1}", "request_size":0, "x-apigee.intelligence.client_ip_header":"10.10.0.99", "virtual_host":"default", "x-apigee.edge.mp_host":"mp", "sla":false, "x-apigee.intelligence.service":"{}", "client_sent_end_timestamp":1582770652817, "request_uri":"/APP_NAME", "proxy":"default", "proxy_client_ip":"10.10.0.99", "x-apigee.edge.dn.region":"dc-1", "apigee.edge.execution.is_apigee_fault":0, "x-apigee.edge.target.latency.stats":"{\"targetList\":[]}", "useragent":"Apache-HttpClient/4.3.6 (java 1.6)", "proxy_pathsuffix":"", "x-apigee.edge.execution.stats.request_flow_start_timestamp":1582770652814, "x_forwarded_for_ip":"10.10.0.99", "x_forwarded_proto":"http", "response_status_code":200, "request_verb":"GET", "x-apigee.edge.execution.stats.response_flow_end_timestamp":1582770652816, "gateway_source":"message_processor", "environment":"env_82hw", "client_received_end_timestamp":1582770652814, "organization":"Org_1582769880344", "x-apigee.edge.execution.stats.response_flow_start_timestamp":1582770652814, "request_path":"/APP_NAME", "gateway_flow_id":"rt-8644-188-1", "apiproxy_revision":"1" }
// JSON data sent to AX after obfuscating { "proxy_basepath":"/APP_NAME", "x-apigee.edge.execution.stats.request_flow_endtimestamp":1582749361836, "apiproxy":"APP_NAME", "x-apigee.edge.is_policy_error":0, "client_sent_start_timestamp":1582749361884, "x-apigee.edge.is_target_error":0, "client_received_start_timestamp":1582749361790, "client_ip":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445", "is_error":false, "x-apigee.edge.stats.steps":"{\"JS1.0\":30}", "request_size":0, "x-apigee.intelligence.client_ip_header":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445", "virtual_host":"default", "x-apigee.edge.mp_host":"mp", "sla":false, "x-apigee.intelligence.service":"{}", "client_sent_end_timestamp":1582749361886, "request_uri":"0176937d9c4a33094d3c3f38ac8b15fa05dd6380a6bb544e4002c98de9f27bdbfea754901b0acb487f4980b09f7d312ad1e7027b96b2c8bfd8b9c24e833fbb5a", "proxy":"default", "proxy_client_ip":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445", "x-apigee.edge.dn.region":"dc-1", "apigee.edge.execution.is_apigee_fault":0, "x-apigee.edge.target.latency.stats":"{\"targetList\":[]}", "useragent":"Apache-HttpClient/4.3.6 (java 1.6)", "proxy_pathsuffix":"cf83e1.67eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81.638327af927da3e", "x-apigee.edge.execution.stats.request_flow_start_timestamp":1582749361833, "x_forwarded_for_ip":"090cdae81ea6e58e55093f702661cf2325cef6a68aa801f1209e73bb0649c2b931bcad468911da887a42ce1d1daee07b24933e3dbbde6eb7438cfc9020a25445", "x_forwarded_proto":"http", "response_status_code":200, "request_verb":"GET", "x-apigee.edge.execution.stats.response_flow_end_timestamp":1582749361874, "gateway_source":"message_processor", "environment":"env_xj25", "client_received_end_timestamp":1582749361821, "organization":"Org_1582749068984", "x-apigee.edge.execution.stats.response_flow_start_timestamp":1582749361836, "request_path":"0176937d9c4a33094d3c3f38ac8b15fa05dd6380a6bb544e4002c98de9f27bdbfea754901b0acb487f4980b09f7d312ad1e7027b96b2c8bfd8b9c24e833fbb5a", "gateway_flow_id":"rt-6290-57-1", "apiproxy_revision":"1" }