Forum Discussion

Cirrostratus

Jul 13, 2022

AWAF Bot Defense - Sensitive Parameter Masking

Hi there,

Have configured an AWAF policy to mask out a few sensitive parameters for incoming requests and that appears to be working as expected (log entries show data as masked)

However we also have Bot-Defense profiles attached and those same parameters are not masked in its log entries.

Does anyone have a solution for masking parameters across the board?

Thanks

Mark

security

Nikoolayy1
MVP
Jul 19, 2022
Better open a case as I think there was a bug but I couldn't find it. Also see if playing with the log publishers and what you can filter if you can hide the data or the HTTP body:

https://support.f5.com/csp/article/K11412315

https://support.f5.com/csp/article/K35284961#proc2