For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

OM's avatar
OM
Icon for Altocumulus rankAltocumulus
Mar 14, 2019

hide sensitive xml values in logs

hi, I am trying to mask in the ASM logs some values that are posted via xml structure (see the POST below). Do you have a step by step guidance that could help masking such data ? thanks. POST /...
application delivery
ASM Advanced WAF
Torti's avatar
Torti
Icon for Cirrus rankCirrus
Mar 14, 2019

use sensitive parameter setup with a xml profile.

 

Your problem here: Your xml has a bad design

 

one way: setup a namespace for your sensitive 'value' elements and add it as sensitive elements including the namespace in your xml profile. Without namespaces, all 'value' elements are invisible.

 

another way (better): rename your sensitive elements. password value element --> password

 

And then add it to sensitive elements in your xml profile.

 

Choose your URL /myuri/xml, select advanced view, go to header based content tab and connect it by request body handling as default action. Thats it.

 

Related Content