Forum Discussion

Nimbostratus

Aug 20, 2013

How to mask HTTP Authorization header in ASM logs, similar to sensitive parameters?

The subject pretty much says it all. We use the "Sensitive Parameters" setting described in Chapter 9 of the "Configuration Guide for BIG-IP Application Security Manager" to ensure that passwords an...

ASM Advanced WAF

security

rob_carr

Cirrocumulus

Aug 22, 2013

This doesn't actually resolve the issue, per se, but why don't you change your logging profile to something like 'illegal requests only', then if you are recording sensitive information, it's only for sessions already deemed to be in violation?

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)