I am running a NodeJS application, hosted in a Linux Azure Web App. I have set up diagnostic logs for HTTP Logs to be forwarded to a Log Analytics Workspace and, having looked at the logs, I can see there are cookies included by default.
I would ideally like to control which cookies are included in the HTTP logs or prevent cookies being logged at all. I haven’t found any documentation on configuring the HTTP logs, and the diagnostic setting is just on or off for that log category.
Is there anything I can do to control the HTTP log content? Thanks
2 Answers
It seems it is not possible to configure the HTTP Logs diagnostic configuration. The accepted answer has some useful considerations but in my use case the processing via event hubs and functions was not an option.
Azure App Service diagnostic logging doesn’t currently allow direct control over which headers or cookies appear in HTTP logs.
At the application level, we can add middleware in our Node.js app to intercept and mask sensitive cookies before they get logged.
I’ve added middleware to the code that checks each cookie in the request and replaces sensitive cookie values with `[FILTERED]`.
Complete app.js code:
This approach ensures that sensitive cookie values are not exposed.
Local output:
Output after deployment:
Other alternative approaches for masking sensitive data:
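
The middleware approach described in the answer above, as an added example that is not part of the original post or the answerer's app.js: it masks cookie values in the request lines the application itself writes, and cannot change what the App Service platform records before the request reaches the app. Instead of a list of sensitive names it masks every cookie not on an allow-list, so a newly introduced cookie is filtered by default; the cookie names, the `cookieMaskingLogger` helper and the sample request are assumptions constructed for illustration.

```javascript
// Added example: the allow-list entries and helper names are assumptions.
const LOGGABLE_COOKIES = new Set(['theme', 'lang']); // cookies safe to log in clear
const MASK = '[FILTERED]';

// Return a copy of a raw Cookie header in which every value whose name is
// not allow-listed is replaced by MASK. Cookie names are case-sensitive.
function maskCookieHeader(header, loggable = LOGGABLE_COOKIES) {
  if (typeof header !== 'string' || header === '') return '';
  return header
    .split(';')
    .map((pair) => pair.trim())
    .filter((pair) => pair !== '')
    .map((pair) => {
      const eq = pair.indexOf('='); // values may contain '=', so split on the first one
      if (eq === -1) return MASK;   // malformed pair: mask it rather than guess
      const name = pair.slice(0, eq).trim();
      return loggable.has(name) ? pair : `${name}=${MASK}`;
    })
    .join('; ');
}

// Express/Connect-style middleware. It writes one log line per request using
// the masked header and leaves req.headers.cookie untouched, so session and
// auth handling further down the chain still see the real values.
function cookieMaskingLogger(log = console.log, loggable = LOGGABLE_COOKIES) {
  return function (req, res, next) {
    const masked = maskCookieHeader(req.headers.cookie, loggable);
    log(`${req.method} ${req.url} cookies="${masked}"`);
    next();
  };
}

// Constructed sample request (not real traffic) run through the middleware.
function demo() {
  const lines = [];
  const req = {
    method: 'GET',
    url: '/profile',
    headers: { cookie: 'theme=dark; session=abc123; auth_token=eyJ.x.y=' },
  };
  let nextCalled = false;
  cookieMaskingLogger((line) => lines.push(line))(req, {}, () => { nextCalled = true; });
  return { line: lines[0], original: req.headers.cookie, nextCalled };
}
```

In an Express app this would be registered with `app.use(cookieMaskingLogger())` before any other request logger, and that logger must also be configured not to print the raw `Cookie` header.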