For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

OM's avatar
OM
Icon for Altocumulus rankAltocumulus
Mar 14, 2019

hide sensitive xml values in logs

hi,

I am trying to mask in the ASM logs some values that are posted via xml structure (see the POST below). Do you have a step by step guidance that could help masking such data ? thanks.

POST /myuri/xml HTTP/1.1
Host: mywebsite.com
User-Agent: myuseragent
Accept: */*
Cookie: JSESSIONID=mycookie
Content-Length: 600
Content-Type: application/x-www-form-urlencoded





securid-passcode


username

tesuser



passcode

1234123456
application delivery
ASM Advanced WAF

3 Replies

  • Torti's avatar
    Torti
    Icon for Cirrus rankCirrus
    Mar 14, 2019

    use sensitive parameter setup with a xml profile.

     

    Your problem here: Your xml has a bad design

     

    one way: setup a namespace for your sensitive 'value' elements and add it as sensitive elements including the namespace in your xml profile. Without namespaces, all 'value' elements are invisible.

     

    another way (better): rename your sensitive elements. password value element --> password

     

    And then add it to sensitive elements in your xml profile.

     

    Choose your URL /myuri/xml, select advanced view, go to header based content tab and connect it by request body handling as default action. Thats it.

     

  • OM's avatar
    OM
    Icon for Altocumulus rankAltocumulus
    Mar 14, 2019

    thanks, I'll try the first option as the second one is not possible to achieve (xml structure is embedded in vmware client application).

     

    om

     

Related Content