Forum Discussion

Cirrus

Jan 29, 2024

Masking a URL in the ASM event logs

Dears, I have a question related to mask sensitive information in the logs for a Mobile APP (Rest API), these data are appearing in the URL and not parsed as parameters in the ASM policy so i am una...

security

afr_jn

Altocumulus

Feb 01, 2024

Hi Muhannad,

In applications that use REST-style URLs, parts of the URL file path contain strings that in fact function as parameter values. So you must observe the parameter on the URL and create Parameter with masking value.

Example:

Standard

GET /login?username=xxxx&password=yyyy HTTP/1.1

REST URL

GET /login/username/xxxx/password/yyyy HTTP/1.1

Forum Discussion

Masking a URL in the ASM event logs

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Log separation by event

Security event logs forwarding

AWAF - Do not log Geolocation violations from the Event Log

iRule Event Order Flowchart

export ASM event logs in csv format