I require access logs enabled, but for compliance reasons, cannot log a sensitive GET request parameter's data in the access logs. While I know, I could parse the logs (after-the-fact) and sanitize them, this is not an acceptable solution -- because for compliance reasons logs can't be tampered with.
I tried setting if statement in Location directive
if ($request_uri~ (.)password=[^&](.*)) { set $request_uri$1password=XXXXX$2; }
but here i read that 'if' is not safe in Location.
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
can you suggest alternative, may be in server directive
I tried setting if statement in Location directive
if ($request_uri~ (.)password=[^&](.*)) { set $request_uri$1password=XXXXX$2; }
but here i read that 'if' is not safe in Location.
https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/
can you suggest alternative, may be in server directive