Data masking for IP address in API Gateway

mounika_tpn · October 18, 2023, 8:12am

Hi guys,

Im trying to mask the ip address in API gateway using datamasking in error handling and response processing, but im unable to get the desired result.

Current output is giving ip address like 1.1.1.1 for which I want the result to be masked as “....”

Please suggest the correct process to execute the above requirement.

DINESH_J · October 18, 2023, 9:47am

let me know are your trying to mass Gateway API or Native endpoint in the response processing ? If so I hope the masking criteria is set to make effect . kindly add the snapshot of the masking policy

mounika_tpn · October 18, 2023, 10:03am

Hi @DINESH_J

Whenever the IP from which we will test the url is not whitelisted in policies, currently I’m getting the response as:

HTTP/1.1 403 Forbidden
SOAPAction: “register”
X-Forwarded-For: 1.1.1.1.
Host: hostname:1234
Accept-Encoding: gzip,deflate
Content-Type: text/xml; charset=UTF-8
Strict-Transport-Security: max-age=16070400; includeSubDomains

<?xml version='1.0' encoding='UTF-8'?>ns2:ReceiverAPI Gateway encountered an error. Error Message: Unauthorized application request. Request Details: Service - servicename, Operation - register, Invocation Time:12:34:09 PM, Date:Oct 18, 2023, Client IP - 1.1.1.1, User - Default and Application:sys:defaultApplication

Here, I want to mask the IP ADDRESS to some ******** value.

I have configured the data masking policy in both response processing and Error handling with JSON as $[‘x._source.applicationIp’] with masking TYPE to MASK and set the value as ******** but it is not working.

DINESH_J · October 18, 2023, 10:37am

This is default fault error response from the API Gateway , Since your request is unauthorized from gateway . Note this is client IP’s who is requesting your API.

Is there any requirement or security concern to mask the Client_IP to client itself ?

mounika_tpn · October 18, 2023, 10:39am

Is there any requirement or security concern to mask the Client_IP to client itself ?

YES @DINESH_J

DINESH_J · October 18, 2023, 10:44am

ok , if you have can you explain here ?

To achieve your requirement update your default error fault under Administration → General → fault

iPaaS API Gateway has encountered an error. Error Message: $ERROR_MESSAGE. Request Details: iPaaS Service - $SERVICE, Operation - $OPERATION, Invocation Time:$TIME, Date:$DATE, Client IP - $CLIENT_IP, User - $USER and iPaaS Application:$CONSUMER_APPLICATION

Remove the highlighted details.

Note : This will effect to all the consumer

mounika_tpn · October 18, 2023, 10:49am

But I don’t want to remove the IP, instead i want to MASK IT

DINESH_J · October 18, 2023, 11:22am

@mounika_tpn I doubt there is there any leverage to update the application data .
I guess API which you are trying SOAP based on the content-type , But the policy applied for JSON format . Try updating the relevant one and check

system · April 15, 2024, 11:23am

This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.