Skip to main content
The Response Body Find & Replace action enables you to modify HTTP response body content by finding and replacing text patterns using regular expressions. This is useful for redacting sensitive information in responses, transforming data formats, or modifying AI model outputs before they reach clients.

Configuration reference

The Traffic Policy configuration reference for this action.

Supported phases

on_http_response

Type

response-body-find-replace

Configuration fields

replacements
array
Required
Array of replacement rules to apply to the response body. Rules are applied in order.Minimum 1 replacement required.
from
string
Required
Supports CEL
Regular expression pattern to match. Supports RE2 syntax. CEL interpolation is supported for dynamic patterns.
to
string
Supports CEL
Replacement string. Use $1, $2, etc. to reference capture groups from the pattern. CEL interpolation is supported for dynamic replacements. If omitted or empty, matched text is deleted.

Behavior

When this action executes, it buffers the entire response body, applies all replacement rules in order, and updates the Content-Length header if present.

Pattern matching

The from field accepts RE2 regular expressions. All matches in the body are replaced, not just the first occurrence.

Capture groups

You can use capture groups in your pattern and reference them in the replacement: 
replacements:
  - from: "error_code: ([0-9]+)"
    to: "error_code: HIDDEN"

CEL expressions

Both from and to fields support CEL interpolation for dynamic values: 
replacements:
  - from: "${vars.sensitive_pattern}"
    to: "[REDACTED by ${req.headers['x-request-id']}]"
When using CEL in the from field, the resulting string must be a valid regular expression.

Content-Length handling

After replacements are applied, the action automatically updates the Content-Length header to reflect the new body size.

Ordering

Replacement rules are applied in the order they are specified. Later rules operate on the result of earlier rules.

Examples

Redacting sensitive data from AI responses

The following configuration redacts personal information from AI model responses.

Example Traffic Policy document

on_http_response:
  - actions:
      - type: response-body-find-replace
        config:
          replacements:
            # Redact SSN patterns
            - from: "\\b\\d{3}-\\d{2}-\\d{4}\\b"
              to: "[SSN REDACTED]"
            # Redact credit card numbers
            - from: "\\b\\d{4}[- ]?\\d{4}[- ]?\\d{4}[- ]?\\d{4}\\b"
              to: "[CARD REDACTED]"
            # Redact phone numbers
            - from: "\\b\\d{3}[-.\\s]?\\d{3}[-.\\s]?\\d{4}\\b"
              to: "[PHONE REDACTED]"

Example response

Before (original response body): 
Here's the customer information:
- SSN: 123-45-6789
- Credit Card: 4111-1111-1111-1111
- Phone: 555-123-4567
After (modified response body): 
Here's the customer information:
- SSN: [SSN REDACTED]
- Credit Card: [CARD REDACTED]
- Phone: [PHONE REDACTED]

Adding disclaimers to AI responses

Append legal disclaimers or warnings to AI-generated content: 
on_http_response:
  - expressions:
      - "res.headers['content-type'].contains('application/json')"
    actions:
      - type: response-body-find-replace
        config:
          replacements:
            - from: '"content":\s*"([^"]*)"(\s*})'
              to: '"content": "$1\n\n---\nDisclaimer: This response was generated by AI and may contain errors."$2'

Sanitizing error messages

Remove internal error details from responses before sending to clients: 
on_http_response:
  - expressions:
      - "res.status_code >= 500"
    actions:
      - type: response-body-find-replace
        config:
          replacements:
            - from: '"stack_trace":\s*"[^"]*"'
              to: '"stack_trace": "[HIDDEN]"'
            - from: '"internal_error":\s*"[^"]*"'
              to: '"internal_error": "[HIDDEN]"'

Action result variables

The following variables are made available for use in subsequent expressions and CEL interpolations after the action has run. Variable values will only apply to the last action execution, results are not concatenated.
actions.ngrok.response_body_find_replace.replacements
array
Array of objects describing which replacement rules matched.
replacement_index
integer
The zero-based index of the replacement rule that matched.
matched_content
string
The first matched content from this replacement rule.