Masking a URL in the ASM event logs

Question

Dears,I have a question related to mask sensitive information in the logs for a Mobile APP (Rest API), these data are appearing in the URL and not parsed as parameters in the ASM policy so i am unable to mask them, do we have any workaround to mask URL in the logs?Regards,Muhannad

daniel_wolf · Answer

Hi Muhannad,
&nbsp;
when the parameter is part of the URL, maybe positional parameters can help to mask the value in the logs.
&nbsp;
For 15.1 and 16.1: K72880030: Positional parameters for a URL (15.1.x and 16.1.x)
For 17.1: K52644614: Creating positional parameters for a URL&nbsp;
&nbsp;
KRDaniel

afr_jn · Answer

Hi Muhannad,&nbsp;In applications that use REST-style URLs, parts of the URL file path contain strings that in fact function as parameter values. So you must observe the parameter on the URL and create Parameter with masking value.Example:StandardGET /login?username=xxxx&amp;password=yyyy HTTP/1.1&nbsp;REST URLGET /login/username/xxxx/password/yyyy HTTP/1.1

Forum Discussion

Masking a URL in the ASM event logs

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Log separation by event

Security event logs forwarding

AWAF - Do not log Geolocation violations from the Event Log

iRule Event Order Flowchart

export ASM event logs in csv format