Masking a URL in the ASM event logs

Question

Dears,I have a question related to mask sensitive information in the logs for a Mobile APP (Rest API), these data are appearing in the URL and not parsed as parameters in the ASM policy so i am unable to mask them, do we have any workaround to mask URL in the logs?Regards,Muhannad

daniel_wolf · Answer

Hi Muhannad,
&nbsp;
when the parameter is part of the URL, maybe positional parameters can help to mask the value in the logs.
&nbsp;
For 15.1 and 16.1: K72880030: Positional parameters for a URL (15.1.x and 16.1.x)
For 17.1: K52644614: Creating positional parameters for a URL&nbsp;
&nbsp;
KRDaniel

afr_jn · Answer

Hi Muhannad,&nbsp;In applications that use REST-style URLs, parts of the URL file path contain strings that in fact function as parameter values. So you must observe the parameter on the URL and create Parameter with masking value.Example:StandardGET /login?username=xxxx&amp;password=yyyy HTTP/1.1&nbsp;REST URLGET /login/username/xxxx/password/yyyy HTTP/1.1

Forum Discussion

Masking a URL in the ASM event logs

2 Replies

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

Cisco TACACS+ Config on ISE LTM Pair

Illegal Metacharacter in Parameter Name in Json Data

AS3 declaration to set cookie to preferred

SSL Bridging and FQDN rewrite Policy

Checking for X-Forwarded-For against an Address Data-Group

Related Content

iRule Event Order Flowchart

Log separation by event

XC -Web Application Firewall - Exclude FQDN but log security events

Block IP Addresses With Data Group And Log Requests On ASM Event Log

export ASM event logs in csv format

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS