Forum Discussion
OM
Nimbostratus
Nimbostratushide sensitive xml values in logs
hi,
I am trying to mask in the ASM logs some values that are posted via xml structure (see the POST below). Do you have a step by step guidance that could help masking such data ? thanks.
POST /myuri/xml HTTP/1.1
Host: mywebsite.com
User-Agent: myuseragent
Accept: */*
Cookie: JSESSIONID=mycookie
Content-Length: 600
Content-Type: application/x-www-form-urlencoded
securid-passcode
username
tesuser
passcode
1234123456
TortiAltostratus
use sensitive parameter setup with a xml profile.
Your problem here: Your xml has a bad design
one way: setup a namespace for your sensitive 'value' elements and add it as sensitive elements including the namespace in your xml profile. Without namespaces, all 'value' elements are invisible.
another way (better): rename your sensitive elements. password value element --> password
And then add it to sensitive elements in your xml profile.
Choose your URL /myuri/xml, select advanced view, go to header based content tab and connect it by request body handling as default action. Thats it.
OMthanks, I'll try the first option as the second one is not possible to achieve (xml structure is embedded in vmware client application).
om
samstepCirrocumulus
- use XML profile
- Read the manual (Masking Sensitive Data): https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-13-1-0/19.htmlguid-4505fa7d-1f02-4397-a529-6712444a53b4