Forum Discussion

ee's avatar
ee
Icon for Cirrus rankCirrus
Oct 02, 2024

F5 Data Guard - Expose last 4 digits for Custom Pattern

Hi, as from the screenshot below, we are able to choose to expose the last 4 digits for credit card numbers and U.S. Social Security Numbers. How about if we want to expose the last 4 digits for the custom patterns? It doesn't seem to have this option available. Anyone got idea on how to do so? 

Let's say the phone number or email address are considered as sensitive information and we don't want to mask the entire phone number and email address. 

 

custom pattern
data guard
Masking
  • yakai's avatar
    yakai
    Icon for Cirrus rankCirrus
    Oct 02, 2024

    Hello,

    I believe that this use case can be done with irules.

    You will need to identify a pattern, search for this pattern in your response page, and then replace the the response with only last for digits.

     

    This irule ma

    when HTTP_RESPONSE {
    set response_data [HTTP::response]

    # Regex to match the email pattern
    set pattern {([a-zA-Z0-9._%+-]+)@([a-zA-Z0-9.-]+\.[a-zA-Z]{2,})}
    
    # Replace the matched email with asterisks and keep the last four characters of the email
    regsub -all $pattern $response_data {****@\$2} masked_response
    
    # Replace the original response with the masked one
    HTTP::response replace 0 [HTTP::header Content-Length] $masked_response
}

     

     

    regards

    • ee's avatar
      ee
      Icon for Cirrus rankCirrus
      Oct 03, 2024

      Thanks for the guidance. I have lack of information regarding the irules, does this irules affect one policy or the whole application which enabling the Data Guard feature? 

      • yakai's avatar
        yakai
        Icon for Cirrus rankCirrus
        Oct 03, 2024

        This should not have  a negative impact on your application, however I will advise to test it on a test VS before applying it on production VS

  • Aswin_mk's avatar
    Aswin_mk
    Icon for Cumulonimbus rankCumulonimbus
    Oct 02, 2024

    can u try below pcre patterns ^[6-9]\d{9}$ - for mob num(indian) - like you can configure where you are(which country you need

    Here’s how the pattern breaks down:

    • ^: Anchors the match to the start of the string.
    • [6-9]: The first digit must be between 6 and 9.
    • \d{9}: The next 9 characters must be digits.
    • $: Anchors the match to the end of the string.

     

    for email i think it will work - (?:[^\w]|^)([a-z0-9+_\-\.]+[^\.]@(?:[a-z0-9](?:[a-z0-9\-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9\-]*[a-z0-9])?)(?:[^\w]|$) 

     

    please test it in a test policy

     

    BR
    Aswin