Managing your Routes

Manage routes in the Dashboard

Route management is a Dashboard feature that lets you set filters and secure data in a variety of flexible ways. VGS Routes let you:

Create, edit and delete routes

Create a Route from dashboard

To configure a basic route:

  1. Log into the VGS Dashboard.
  2. Navigate to Routes on the left side menu bar.
  3. Click Add new route (choose either inbound or outbound).
  4. In the Routes Manage panel, provide a name for your route. This will help you manage and quickly identify your routes going forward.
  5. In the Routes Manage panel, provide your Upstream Host.
  6. Next, start creating filters by adding a condition or a condition group.
  7. Now specify the content type and fields to secure, and choose the operation to perform on that data: either redact or reveal.
  8. Finally, choose the storage value and alias format, and click Save.

The newly created route will appear in the Routes list. Now that you have configured your route, send a request and check it in the Access Logger.

Alternative ways to create a Route

Edit a Route:

  1. Locate the route to modify and click the Manage button.
  2. In the Manage panel, enter the changes you’d like to make.
  3. Click Save.

Delete a Route:

  1. Locate the route to modify and click the Manage button.
  2. In the Manage panel, navigate to the bottom of the page, and click Delete route.

Setting the filter trigger order

To reorder filters:

  1. Locate the route to modify and click the Manage button.
  2. Navigate to the Filters section.
  3. Click the Reorder button and set the filter order using drag-and-drop.
  4. Click Done to save the new order.
  5. Save the Route changes.

Duplicate a filter

Route filters can be duplicated (for example, when multiple fields need to be processed in a similar way). Use the Copy button to duplicate a filter and set up the route faster.

IP whitelisting

IP whitelisting lets you restrict API access to specific IP addresses and/or CIDR ranges. We highly recommend using this feature as an additional layer of security protection. The feature is available for both Inbound and Outbound routes.

Enable IP whitelisting on a route:

  • Enter an IP or CIDR to match the IP address the request is made from, for example 172.16.254.1, 2001:db8:0:1234:0:567:8:1, 192.168.1.15/24. Multiple IP addresses can be added, separated by commas.
  • Press Return
  • Save the route
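
A pre-flight check for the comma-separated list described above, as an added example (not VGS code). It assumes entries follow standard CIDR semantics; the breadth thresholds and the entries `10.0.0.0/8` and `not-an-ip` are constructed for illustration.

```python
import ipaddress

# Review thresholds chosen for this example (not VGS limits): entries with a
# shorter prefix than this are flagged as unusually broad.
MIN_PREFIX = {4: 16, 6: 32}

def parse_allowlist(raw):
    """Parse a comma-separated IP/CIDR string into (networks, warnings)."""
    networks, warnings = [], []
    for item in (part.strip() for part in raw.split(",")):
        if not item:
            continue
        try:
            # strict=False accepts CIDRs with host bits set (192.168.1.15/24).
            net = ipaddress.ip_network(item, strict=False)
        except ValueError:
            warnings.append(f"{item}: not a valid IP address or CIDR")
            continue
        if ipaddress.ip_interface(item).ip != net.network_address:
            warnings.append(
                f"{item}: host bits set, entry covers all "
                f"{net.num_addresses} addresses in {net}")
        if net.prefixlen < MIN_PREFIX[net.version]:
            warnings.append(f"{item}: /{net.prefixlen} is a very broad range")
        networks.append(net)
    return networks, warnings

def is_allowed(source_ip, networks):
    """True if source_ip falls inside any parsed allowlist entry."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr.version == n.version and addr in n for n in networks)

# The page's example entries plus two constructed ones (10.0.0.0/8, not-an-ip).
SAMPLE = ("172.16.254.1, 2001:db8:0:1234:0:567:8:1, 192.168.1.15/24, "
          "10.0.0.0/8, not-an-ip")

if __name__ == "__main__":
    nets, warns = parse_allowlist(SAMPLE)
    print("parsed:", ", ".join(str(n) for n in nets))
    for w in warns:
        print("warning:", w)
    # The /24 entry admits the whole subnet, not just 192.168.1.15.
    print(is_allowed("192.168.1.200", nets), is_allowed("172.16.254.2", nets))
```
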

How to configure multiple Inbound Routes (using CNAME)

To configure multiple Inbound Routes and/or use a branded hostname instead of the default VGS one, set up Custom Hostnames.

Add a Custom Hostname on the dashboard:

  1. Log in to the VGS dashboard.
  2. Go to Vault Settings > Custom Hostnames
  3. Click Add
  4. Enter the domain alias (CNAME domain), for example payments.customdomain.com
  5. Click Save

The validation and deployment process completes in ~90 seconds. After adding the Custom Hostname, view the provisioning status under the Status column in the CNAMEs section. The provisioning takes up to 30 minutes. VGS defaults to auto-renewal of the TLS certificate.

If the provisioning was successful, the status will change from ‘Provisioning’ to ‘Valid’.

If the hostname is invalid:

  • Visit your DNS provider
  • Add a CNAME record for mydomain pointing to either <tenant_id>.sandbox.verygoodproxy.com or <tenant_id>.live.verygoodproxy.com

If you’ve already done this, allow up to 24 hours for the changes to propagate. Once issued, certificates are valid for one (1) year, and renew automatically 30 days before expiration. Renewals require no action from your side.

Add a Custom Hostname to inbound route

To assign a custom hostname to an inbound route:

  1. Go to Routes › click Manage

  2. Click the + icon in the Custom Hostnames section

  3. Select custom hostname from the list or add a new CNAME

  4. Save the route

More information about Custom hostnames.

If you have any questions, comments or feedback on this guide, contact us on our site chat or at support@verygoodsecurity.com.

Common routes configurations

Route filters support different operation types and can be flexibly configured for different kinds of data.

Query parameter redact/reveal

To redact or reveal query parameter data, use a regex and set uri as the target. Check in the Access Logger that the request was processed correctly.

Note: the pathinfo filter won't match query parameters, which is why a RegExp is used.

Headers redact/reveal

To work with headers, set the target to headers.{{headername}} and the JSON pathinfo to ^(.*)$.

PDF redact/reveal

The Route editor supports PDF documents: upload the document and select the area that needs to be redacted or revealed. The document coordinates will appear below the document and will be saved in the route config to process the data.

Multiple fields redact/reveal

Multiple fields can be used in the same filter.

Note: make sure that the selected storage type and transformer fit all fields defined in the same filter.

Redact a file through VGS HTTP proxy

You can redact any file through the VGS HTTP proxy by sending the file in your request. For example, to redact an image:

  1. Convert an image into the base64 format.

  2. Create JSON file with the base64 text of the image.

  3. Create a new inbound route in the VGS dashboard with default settings. In the filter section, add the field from your file as a JSON path to redact that particular field.

  4. Use this curl request to send the image to the VGS proxy:
curl https://your_tenant_id.sandbox.verygoodproxy.com/post \
    -H "Content-type: application/json" \
    -d @ABSOLUTE_PATH_TO_JSON_FILE
  5. Check the Access Logs to make sure the request was sent successfully.

You can upload files up to 24MB in size. The Vault API supports files up to 32MB in size.
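
Steps 1 and 2 of the image procedure above, as an added example (not VGS code): it builds the JSON file that the curl command sends with `-d @...`. Assumptions: the field name `image` and its JSON path `$.image` are hypothetical, and the 24MB figure is read as 24 * 1024 * 1024 bytes applied to the encoded body.

```python
import base64
import json
import tempfile
from pathlib import Path

# 24MB upload limit from this page, read here as 24 * 1024 * 1024 bytes and
# applied to the encoded request body (both are assumptions of this example).
MAX_BODY_BYTES = 24 * 1024 * 1024

def base64_len(raw_len):
    """Length of the padded base64 text for raw_len input bytes."""
    return 4 * ((raw_len + 2) // 3)

def build_payload(file_bytes, field="image"):
    """Return compact JSON carrying the file as base64 text under `field`."""
    # b64encode emits no line breaks, so the text is a valid JSON string value.
    text = base64.b64encode(file_bytes).decode("ascii")
    return json.dumps({field: text}, separators=(",", ":"))

def write_payload(file_bytes, out_path, field="image", limit=MAX_BODY_BYTES):
    """Write the JSON body for `curl -d @out_path`; return its size in bytes."""
    body = build_payload(file_bytes, field)
    if len(body) > limit:
        raise ValueError(f"encoded body is {len(body)} bytes, limit is {limit}")
    Path(out_path).write_text(body, encoding="ascii")
    return len(body)

if __name__ == "__main__":
    # Constructed sample: PNG signature followed by filler bytes, not a real image.
    sample = b"\x89PNG\r\n\x1a\n" + bytes(1016)
    out = Path(tempfile.gettempdir()) / "image_payload.json"
    size = write_payload(sample, out)
    print(f"{len(sample)} raw bytes -> {base64_len(len(sample))} base64 chars")
    print(f"wrote {size} bytes to {out}; redact JSON path: $.image")
```

Base64 grows the data by about a third, so size the raw file against the limit with `base64_len` before encoding.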