Forum Discussion
Masking a URL in the ASM event logs
Dears,
I have a question related to mask sensitive information in the logs for a Mobile APP (Rest API), these data are appearing in the URL and not parsed as parameters in the ASM policy so i am unable to mask them, do we have any workaround to mask URL in the logs?
Regards,
Muhannad
Hi Muhannad,
when the parameter is part of the URL, maybe positional parameters can help to mask the value in the logs.
For 15.1 and 16.1: K72880030: Positional parameters for a URL (15.1.x and 16.1.x)
For 17.1: K52644614: Creating positional parameters for a URL
KR
Daniel- afr_jnAltocumulus
Hi Muhannad,
In applications that use REST-style URLs, parts of the URL file path contain strings that in fact function as parameter values. So you must observe the parameter on the URL and create Parameter with masking value.
Example:
Standard
GET /login?username=xxxx&password=yyyy HTTP/1.1
REST URL
GET /login/username/xxxx/password/yyyy HTTP/1.1
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com