facebook noscript

Proxy Secure Logger

September 6, 2017
engineering-default

Today we announce the first release of our Secure Logger feature designed to make debugging your VGS proxy integration experience simpler.

The Secure Logger will record all requests that pass through both the forward and reverse proxies and display the payload before and after it has been re-written.

Our initial implementation has two limitations while we complete testing

  1. It is only available in the sandbox environment
  2. To start recording your requests you must turn on Secure Logger in the VGS dashboard logs section

For each vault in your application you can go to the Logs (BETA) section and try sample logs for 2 minutes by pressing Enable logging button.

enable-logging

After recording your request you can see detailed logs of activity within your vault.

secure-logger

Each request is assigned a unique VGS REQUEST ID which is communicated via a HTTP header. You can use this request id to lookup any request that are sent while logging is enabled. For example, when using a cURL request

curl https://tnt81wlvpt9.sandbox.verygoodproxy.com/ -v

We can see it returned in the headers

* Trying 52.1.149.155...
* TCP_NODELAY set
* Connected to tnt81wlvpt9.sandbox.verygoodproxy.com (52.1.149.155) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ...
< VGS-Request-Id: e6e8e91def34f9e2

When you make a request through the VGS Proxy you will see it split into four phases. Each phase represents either a pre or post rewrite operation as the data flows through the proxy

  • REQUEST_RAW - request from client to proxy
  • REQUEST_REWRITTEN - request from proxy to destination host
  • RESPONSE_RAW - response from destination host to proxy
  • RESPONSE_REWRITTEN - response from proxy to client

For responses you can see response status from the upstream host which can give you information if your request was successful (green status and http code) or an error occurred (red status and http error code).

For each log entry you can see also detailed information when you click on the row. For example REQUEST_RAW as that is request from client to proxy you can see all your raw data in Body section

secure-logger-details

After your data has passed through the proxy - you can see transformed data in the Body section of other logs types (redacted or revealed data - depending on the rules applied)

We're actively seeking feedback on this feature which gives greater insight into rewrite operations as data flows through the proxy and we hope this feature help you integrate with our proxy better. Please contact VGS team if you have any questions we'd love to hear from you!

marshall-jones-r Marshall Jones

Share

You Might also be interested in...

engineering-default

User Management Feature Release

This month we're pleased to announce the release of the user management feature that aims at giving you more control over your Organization. Take a look at these new changes.

Ulyana Falach December 13, 2017

engineering-default

Proxies Demystified

Essentially, a middle man. When dealing with computers the concept is largely the same. A web proxy is simply a bit of software that will relay a HTTP request for you.

Marshall Jones August 21, 2017

engineering-default

Securing IOT: Stream Level Redaction

Wireless Sensor Networks (WSNs) are increasingly being deployed for various applications and you no longer need a degree in computer science to understand the benefits of them. A wireless sensor network is an interconnected group of devices that monitor the environment through sensors and communicate via wireless.

Gordon Young May 27, 2018