For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Muhannad's avatar
Muhannad
Icon for Cirrus rankCirrus
Jan 29, 2024

Masking a URL in the ASM event logs

Dears, I have a question related to mask sensitive information in the logs for a Mobile APP (Rest API), these data are appearing in the URL and not parsed as parameters in the ASM policy so i am una...
security
afr_jn's avatar
afr_jn
Icon for Altocumulus rankAltocumulus
Feb 01, 2024

Hi Muhannad,

 

In applications that use REST-style URLs, parts of the URL file path contain strings that in fact function as parameter values. So you must observe the parameter on the URL and create Parameter with masking value.

Example:

Standard

GET /login?username=xxxx&password=yyyy HTTP/1.1

 

REST URL

GET /login/username/xxxx/password/yyyy HTTP/1.1