F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

chiznitz_15400's avatar
chiznitz_15400
Icon for Nimbostratus rankNimbostratus
Jul 01, 2013

Mask Request Body ASM Reporting

Hi,   Recently support told me that there is no way to turn off Request Body logging in the ASM. The requests that come in to our ASM have sensitive information that needs to be masked. We were ...
application delivery
dev
devops
iRules
chiznitz_15400's avatar
chiznitz_15400
Icon for Nimbostratus rankNimbostratus
Jul 02, 2013

Brought an 11.4 appliance up in the lab and the masking of the credit card number itself works but the rest of the data is still not masked. This data could be CVV etc etc that is not allowed to be logged by PCI compliance.

 

 

here is an example request that we would want to mask, replaces what would normally be card data or sensitive info.

 

 

POST /Micros/process_transaction.cgi HTTP/1.1:

 

Host: 192.168.1.1

 

Content-Type: x-VISA-II/x-auth

 

Connection: Keep-Alive

 

Cache-Control: no-cache

 

Pragma: no-cache

 

User-Agent: VSCA

 

Content-Length: 158

 

Cookie: TS6c52a9=78f9df9fcdfa6b306b81503d3cd9b20ab7c9eb723cec0c1e51cb6853

 

X-Forwarded-For: 192.168.1.2

 

 

 

K0.90005008843003212500010001QF840840272150000007055812Y125754@HB^DUMMY /NAME H^ MY PLACE OF BUSINESS NC %

 

 

 

 

 

There are no tags to list as parameters, its just a raw string. Any idea how this could be masked in local logging?