Forum Discussion
Nimbostratusasm data guard mask data
suppose there is a html entity (script src http:abc.com/abc.js ) in the response head, and asm configuration as following:
- data guard :enabled,
- custome patterns: abc.com/abc.js
- mask data :enabled
- block setting: Data Guard: Information leakage detected :Learn, Alarm;
Can asm mask response content(abc.com/abc.js) with asterisk character?
thank in advance.
4 Replies
gsharriAltostratus
When defining a custom pattern you are telling ASM to mask any string of characters that match the pattern. If your custom pattern is "abc.com/abc.js" ASM will mask those literal 14 characters but will not mask the actual code I assume you are trying to hide. Also Data Guard can mask only 100 characters maximum.
If you require more extensive data masking you will need to implement an iRule or Stream profile.
gwl_34698- appreciate your response.
- but it seems that it can't mask the custom pattern.in firefox web debug tools,the request to abc.com/abc.js issued.
- can you point a link that implement irule to mask extensive data?
- sorry for my poor english.
- thx in advance
- gsharri
After reading your original question again I see that I missed that the content you wish to mask is in an http response header (if I understand correctly). It may be that Data Guard does not mask patterns in headers, only response body content.
Click here: iRule Response Scrubbing for example code. Techniques like this would need to be applied to the response header.
Also here: iRule HTTP commands and events for iRule http options. - gwl_34698
appreciate your response. you are right,the content that i wish to mask is in an http response header. if i check the block setting ,asm will block the request and log a message that indicate sensitive info leak. what i wish is mask the sensitive data. I'll check the links out. sorry for my poor english . thanks again.
