Function Description

Interception and replacement of sensitive words in requests/responses image

Data Handling Scope

  • openai protocol: Request/response conversation content
  • jsonpath: Only process specified fields
  • raw: Entire request/response body

Sensitive Word Interception

  • Directly intercept sensitive words in the data handling scope and return preset error messages
  • Supports system’s built-in sensitive word library and custom sensitive words

Sensitive Word Replacement

  • Replace sensitive words in request data with masked strings before passing to back-end services. Ensures that sensitive data does not leave the domain
  • Some masked data can be restored after being returned by the back-end service
  • Custom rules support standard regular expressions and grok rules, and replacement strings support variable substitution

Execution Properties

Plugin Execution Phase: Authentication Phase
Plugin Execution Priority: 991

Configuration Fields

NameData TypeDefault ValueDescription
deny_openaibooltrueIntercept openai protocol
deny_jsonpathstring[]Intercept specified jsonpath
deny_rawboolfalseIntercept raw body
system_denybooltrueEnable built-in interception rules
deny_codeint200HTTP status code when intercepted
deny_messagestringSensitive words found in the question or answer have been blockedAI returned message when intercepted
deny_raw_messagestring{“errmsg”:“Sensitive words found in the question or answer have been blocked”}Content returned when not openai intercepted
deny_content_typestringapplication/jsonContent type header returned when not openai intercepted
deny_wordsarray of string[]Custom sensitive word list
replace_rolesarray-Custom sensitive word regex replacement
replace_roles.regexstring-Rule regex (built-in GROK rule)
replace_roles.type[replace, hash]-Replacement type
replace_roles.restoreboolfalseWhether to restore
replace_roles.valuestring-Replacement value (supports regex variables)

Configuration Example

  1. system_deny: true
  2. deny_openai: true
  3. deny_jsonpath:
  4.   - $.messages[].content
  5. deny_raw: true
  6. deny_code: 200
  7. deny_message: Sensitive words found in the question or answer have been blocked
  8. deny_raw_message: “{\”errmsg\”:\”Sensitive words found in the question or answer have been blocked\”}”
  9. deny_content_type: application/json
  10. deny_words:
  11.   - Custom sensitive word 1
  12.   - Custom sensitive word 2
  13. replace_roles:
  14.   - regex: “%{MOBILE}”
  15.     type: replace
  16.     value: 
  17.     # Mobile number  13800138000 -> 
  18.   - regex: “%{EMAILLOCALPART}@%{HOSTNAME:domain}”
  19.     type: replace
  20.     restore: true
  21.     value: @$domain
  22.     # Email  admin@gmail.com -> @gmail.com
  23.   - regex: “%{IP}”
  24.     type: replace
  25.     restore: true
  26.     value: “**...
  27.     # IP 192.168.0.1 -> ...
  28.   - regex: “%{IDCARD}”
  29.     type: replace
  30.     value: “*
  31.     # ID card number 110000000000000000 -> **
  32.   - regex: sk-[0-9a-zA-Z]*”
  33.     restore: true
  34.     type: hash
  35.     # hash sk-12345 -> 9cb495455da32f41567dab1d07f1973d
  36.     # The hashed value is provided to the large model, and the hash value will be restored to the original value from the data returned by the large model

Sensitive Word Replacement Example

User Request Content

Please change curl http://172.20.5.14/api/openai/v1/chat/completions -H "Authorization: sk-12345" -H "Auth: test@gmail.com" to POST method

Processed Request Large Model Content

curl http://***.***.***.***/api/openai/v1/chat/completions -H "Authorization: 48a7e98a91d93896d8dac522c5853948" -H "Auth: ****@gmail.com" change to POST method

Large Model Returned Content

You want to convert a curl GET request to a POST request, and this request is sending data to a specific API. Below is the modified curl command to send as POST:

  1. curl -X POST \
  2.      -H Authorization: 48a7e98a91d93896d8dac522c5853948 \
  3.      -H Auth: *@gmail.com \
  4.      -H Content-Type: application/json \
  5.      -d ‘{“key”:”value”}’ \
  6.      http://...*/api/openai/v1/chat/completions

Here are the following modifications made:

  • -X POST sets the request method to POST.
  • -H "Content-Type: application/json" sets the Content-Type in the request header to application/json, which is typically used to inform the server that the data you are sending is in JSON format.
  • -d '{"key":"value"}' sets the data to be sent, where '{"key":"value"}' is a simple example of a JSON object. You need to replace it with the actual data you want to send.

Please note that you need to replace "key":"value" with the actual data content you want to send. If your API accepts a different data structure or requires specific fields, please adjust this part according to your actual situation.

Processed Return to User Content

You want to convert a curl GET request to a POST request, and this request is sending data to a specific API. Below is the modified curl command to send as POST:

  1. curl -X POST \
  2.      -H Authorization: sk-12345 \
  3.      -H Auth: test@gmail.com \
  4.      -H Content-Type: application/json \
  5.      -d ‘{“key”:”value”}’ \

Here are the following modifications made:

  • -X POST sets the request method to POST.
  • -H "Content-Type: application/json" sets the Content-Type in the request header to application/json, which is typically used to inform the server that the data you are sending is in JSON format.
  • -d '{"key":"value"}' sets the data to be sent, where '{"key":"value"}' is a simple example of a JSON object. You need to replace it with the actual data you want to send.

Please note that you need to replace "key":"value" with the actual data content you want to send. If your API accepts a different data structure or requires specific fields, please adjust this part according to your actual situation.