facebook noscript

Proxy Secure Logger

September 6, 2017

Today we announce the first release of our Secure Logger feature designed to make debugging your VGS proxy integration experience simpler.

The Secure Logger will record all requests that pass through both the forward and reverse proxies and display the payload before and after it has been re-written.

Our initial implementation has two limitations while we complete testing

  1. It is only available in the sandbox environment
  2. To start recording your requests you must turn on Secure Logger in the VGS dashboard logs section

For each vault in your application you can go to the Logs (BETA) section and try sample logs for 2 minutes by pressing Enable logging button.


After recording your request you can see detailed logs of activity within your vault.


Each request is assigned a unique VGS REQUEST ID which is communicated via a HTTP header. You can use this request id to lookup any request that are sent while logging is enabled. For example, when using a cURL request

curl https://tnt81wlvpt9.sandbox.verygoodproxy.com/ -v

We can see it returned in the headers

* Trying
* Connected to tnt81wlvpt9.sandbox.verygoodproxy.com ( port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 ...
< VGS-Request-Id: e6e8e91def34f9e2

When you make a request through the VGS Proxy you will see it split into four phases. Each phase represents either a pre or post rewrite operation as the data flows through the proxy

  • REQUEST_RAW - request from client to proxy
  • REQUEST_REWRITTEN - request from proxy to destination host
  • RESPONSE_RAW - response from destination host to proxy
  • RESPONSE_REWRITTEN - response from proxy to client

For responses you can see response status from the upstream host which can give you information if your request was successful (green status and http code) or an error occurred (red status and http error code).

For each log entry you can see also detailed information when you click on the row. For example REQUEST_RAW as that is request from client to proxy you can see all your raw data in Body section


After your data has passed through the proxy - you can see transformed data in the Body section of other logs types (redacted or revealed data - depending on the rules applied)

We're actively seeking feedback on this feature which gives greater insight into rewrite operations as data flows through the proxy and we hope this feature help you integrate with our proxy better. Please contact VGS team if you have any questions we'd love to hear from you!

marshall-jones-r Marshall Jones


You Might also be interested in...

user-management 1-2

User Management Feature Release

Ulyana Falach December 13, 2017


Proxies Demystified

Marshall Jones August 21, 2017

Securing IOT: Stream Level Redaction teaser image

Securing IOT: Stream Level Redaction

Gordon Young May 27, 2018