For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

gowenfawr's avatar
gowenfawr
Icon for Nimbostratus rankNimbostratus
Aug 20, 2013

How to mask HTTP Authorization header in ASM logs, similar to sensitive parameters?

The subject pretty much says it all. We use the "Sensitive Parameters" setting described in Chapter 9 of the "Configuration Guide for BIG-IP Application Security Manager" to ensure that passwords an...
ASM Advanced WAF
security
Torti's avatar
Torti
Icon for Cirrus rankCirrus
Aug 21, 2013

Hi,

 

there is no option to do this. A Header is no part of the body and it isn't a "classic http parameter". If you need such an option, you should open a feature request. If it is a problem, because you send the log files to another destination? Perhaps, you could do it there.

 

gowenfawr's avatar
gowenfawr
Icon for Nimbostratus rankNimbostratus
Aug 21, 2013
That being said, any pointers to the appropriate method for filing a feature request? Is that a support account issue, or generally handled through DevCentral?