Forum Discussion

Nishal_Rai's avatar
Nishal_Rai
Icon for Cirrocumulus rankCirrocumulus
Apr 15, 2024

Can iRule mask the payload content on event logs of security

Hello Everyone,    Is it possible to mask the certain value of the request on the Application Security > Event Logs using iRule,   Since the application "Content-Type: application/octet-strea...
security
F5_Design_Engineer's avatar
F5_Design_Engineer
Icon for MVP rankMVP
Apr 15, 2024

try REGSUB -all , something like this to mask you mobile umber or password shown in the HTTP responses

 

when HTTP_RESPONSE {
    set clen [HTTP::header Content-Length]
    HTTP::collect $clen
}

when HTTP_RESPONSE_DATA {

    regsub -all {<PhoneNumber>(.*?)</PhoneNumber>} [HTTP::payload] {<PhoneNumber>********</PhoneNumber>} fixeddata
    log "Replacing payload with new data."
    HTTP::payload replace 0 $clen $fixeddata
    HTTP::release

}

 

https://my.f5.com/manage/s/article/K16533717

https://wiki.tcl-lang.org/page/regsub

https://spy86.github.io/CheatSheetCollection/DevOpsServices/F5.html