Layer7 API Management

  • 1.  Exclude Bad Authorization header errors in ssg-log

    Posted Mar 29, 2019 12:12 PM

    Hi there,

    It seems we have some APIs that are accessed with a JWT, but where the client is not using a compliant header format. This means the type of authentication is missing; in this case the word "Bearer" is missing. The policy seems to be successful, but a WARNING error is logged in the ssg-log like this:

    WARNING 9267 com.l7tech.common.http.prov.apache.components.HttpComponentsClient: Bad Authorization header presenteyJhbGciOiJSUzI1N.....

     

    This is flooding our ssg-log, and other, maybe more important, errors are hard to find. Therefore the question: is it somehow possible to exclude this error from being logged? Or something like decreasing the severity of this type of error, so that it will not be caught anymore?

    Yes, we already informed our customers about that, but reacting and fixing this on their side will take a while.

    Thank you!

     

    Ciao Stefan



  • 2.  Re: Exclude Bad Authorization header errors in ssg-log

    Broadcom Employee
    Posted Mar 31, 2019 06:40 PM

    The error from the client side should be fixed on the client side.

    On the gateway side, the log/audit is filtered by log level. We can replace the audit level of a particular audit with one over the logging threshold to hide it; please refer to audit.setDetailLevel.<level> in Audit Cluster Properties - CA API Gateway - 9.4 - CA Technologies Documentation.

    For example, if the current log level of a log sink is INFO, replacing the log level of an audit message with FINE or above will hide the audit message.

     

    But again, it should be fixed on the client side; replacing the audit level should be a temporary solution.



  • 3.  Re: Exclude Bad Authorization header errors in ssg-log

    Posted Apr 03, 2019 04:03 PM

    Hi Zhijun,

    I know this ability, but I think this is just for audit messages from within the Service policy processing.

    Here I'm talking about a Gateway log event, which is stored in the ssg log file.

    Also, this message is handled by the HTTP/Apache libraries while building the HTTP route request and is therefore produced outside the gateway service process.

    So is there any possibility to filter on these other packages as well?

    And yes, for sure, I know this issue should be fixed on the client side, but I'm afraid this will take a while.

    Thank you!

     

    Ciao Stefan



  • 4.  Re: Exclude Bad Authorization header errors in ssg-log

    Broadcom Employee
    Posted Apr 03, 2019 07:01 PM

    The error handling in policy can only control the processing flow; the warning message will still be logged.

    I think you can also try a custom audit sink policy to discard the audits you don't like.

    Working with the Audit Sink Policy - CA API Gateway - 9.4 - CA Technologies Documentation 

    But it should need more work than replacing the log level.
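
Added example (not part of the thread and not Layer7 or Broadcom code): a read-side triage script for the problem described in post 1. It drops the flooding "Bad Authorization header" lines when reviewing an ssg log, counts them per logger, and masks the header value the gateway appends to the message. The line shape is assumed from the single log line quoted in the thread; the sample lines and all function names are constructed.

```python
import re
from collections import Counter

# Assumed line shape, from the one line quoted in the thread:
#   <LEVEL> <number> <logger class>: <message>
LINE_RE = re.compile(r"^(?P<level>[A-Z]+)\s+\d+\s+(?P<logger>[\w.$]+):\s*(?P<msg>.*)$")
# Shortest message prefix that is certain from the quoted line.
NOISE_PREFIX = "Bad Authorization header present"

def triage(lines):
    """Split log lines into (kept, noise_counts).

    kept: every line that is not the known noise message, including
          continuation lines (stack traces) that do not match LINE_RE.
    noise_counts: Counter keyed by (level, logger) for the dropped lines.
    """
    kept, noise = [], Counter()
    for raw in lines:
        line = raw.rstrip("\r\n")
        m = LINE_RE.match(line)
        if m and m.group("msg").startswith(NOISE_PREFIX):
            noise[(m.group("level"), m.group("logger"))] += 1
        else:
            kept.append(line)
    return kept, noise

def redact(line):
    """Mask everything after the message prefix (the client's header value)."""
    idx = line.find(NOISE_PREFIX)
    if idx == -1:
        return line
    return line[: idx + len(NOISE_PREFIX)] + " [REDACTED]"

# Constructed sample input; the token text is a placeholder, not a real JWT.
CLIENT = "com.l7tech.common.http.prov.apache.components.HttpComponentsClient"
SAMPLE = [
    f"WARNING 9267 {CLIENT}: Bad Authorization header presenteyJDT05TVFJVQ1RFRA",
    "WARNING 9301 com.example.Constructed: Constructed warning that must stay visible",
    f"WARNING 9267 {CLIENT}: Bad Authorization header presenteyJDT05TVFJVQ1RFRA",
    "    at com.example.Constructed.method(Constructed.java:1)",
]

if __name__ == "__main__":
    kept, noise = triage(SAMPLE)
    for (level, logger), n in noise.items():
        print(f"suppressed {n} x {level} from {logger}")
    print("\n".join(kept))
    print(redact(SAMPLE[0]))
```

Keeping the per-logger count means a sudden change in the volume of these warnings is still visible even though the individual lines are hidden.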