Login page user name and password visible in Browser.

Question

We have Public website, where we manage authentication for users. During Our Audit we found, Username and password are visible in logs of browser.

We need hide it for all users. Do we have option in F5 AWAF?

daniel_wolf · Answer

Hi Ironman,&nbsp;I am afraid to tell you - this is how it works. When you enter username and password (or any other form data) in a form, then the browser will have this information in clear-text. This is why man-in-the-browser attacks are successful.If you have AdvWAF and Fraud Protection Service licensed, you could use Application Layer Encryption in order to prevent this kind of attacks. Application Layer Encryption helps you to protect against in-browser key loggers. &nbsp;Take a look at the WAF manual: Encrypting Data on the Application LevelAnd there is a great lab guide from the Agility 2021 that would guide you through the process:Lab 3.1: DataSafe&nbsp;KRDaniel

Forum Discussion

Login page user name and password visible in Browser.

1 Reply

Security Best Practices for F5 Products

F5 AppWorld 2026 Registration - early bird pricing.

Kostas Injeyan - October 2025 Featured Member

Recent Discussions

Need Advice on below issue

SSO login for APM Profiles

Virtual Server Configuration requirements for ISO 8583 traffic (Single persistent TCP session)

threat hunting guide

Webtop which has VNC for macos users

Related Content

Visibility and Orchestration

F5 App Study Tool with passwords stored in Vault

Implementing BIG-IP WAF logging and visibility with ELK

Password Safety & Security: Passwords vs. Passphrases

Shift-left Security Visibility

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS