Forum Discussion

Cirrus

Jan 29, 2024

Masking a URL in the ASM event logs

Dears, I have a question related to mask sensitive information in the logs for a Mobile APP (Rest API), these data are appearing in the URL and not parsed as parameters in the ASM policy so i am una...

security

afr_jn

Altocumulus

Jan 31, 2024

Hi Muhannad,

In applications that use REST-style URLs, parts of the URL file path contain strings that in fact function as parameter values. So you must observe the parameter on the URL and create Parameter with masking value.

Example:

Standard

GET /login?username=xxxx&password=yyyy HTTP/1.1

REST URL

GET /login/username/xxxx/password/yyyy HTTP/1.1

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Masking a URL in the ASM event logs

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

[ASM] : "Request length exceeds defined buffer size " - How to increase the limit ?

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

Problem with sending BotDefense logs to remote server

ASM/AWAF declarative policy

Managing iRules configuration

Related Content

iRule Event Order Flowchart

Log separation by event

Logging/Blocking possible prompt injection

XC -Web Application Firewall - Exclude FQDN but log security events

Block IP Addresses With Data Group And Log Requests On ASM Event Log

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS