Forum Discussion
Sensitive data configuration for JSON parameter
Hi expert, I want to mask data to prevent operators from seeing some sensitive data in ASM event logs. When a user logs in to my application, the event log shows a record of the HTTP request like this.
{"req":{"app":"MyMoABC","srv":"MyMoAuthen","op":"login","header":{"pwd":"111111","user":"2222222222222"}}}
I have an operator team who can access the F5 GUI and see this logging, so I tried to configure sensitive data in Security >> Application Security >> Content Profiles >> JSON Profiles to hide sensitive data. After I create a new JSON profile, I can see the tab "Sensitive Data Configuration". I tried to add a couple of Element Names such as req, header, pwd, then I associated this JSON profile with a parameter that matched the request pattern. But the event log still shows everything without masking data. Did I miss something? Any advice would be appreciated.
11 Replies
- Torti_93733
Nimbostratus
You can mask it with a JSON profile. There you have to insert the element name and that's it.
But it depends on your release. An older one doesn't have the JSON profile feature.
- chaloempone_147
Nimbostratus
Hi Torti, could you please give me some example if I need to hide the "pwd" value for this JSON request?
{"req":{"app":"MyMoABC","srv":"MyMoAuthen","op":"login","header":{"pwd":"111111","user":"2222222222222"}}}
PS: I use version 11.5.1.
- Torti_93733
Nimbostratus
What happens if you insert pwd into the sensitive data list? That should be enough.
- chaloempone_147
Nimbostratus
Nothing happens after I add pwd in the sensitive data list > update > apply policy, then try to log in to my application again. The event log still shows plain text without masking data.
- nathe
Cirrocumulus
I've tested this on 11.6 (but sure I've tested previously on 11.5.1); anyway, it worked for me. The only difference was I added the JSON profile to a URL, not a parameter. Could you try that as a test?
Otherwise what you are doing appears sound.
HTH,
N
- Erik_Novak
Employee
  - Go to Security >> Application Security: Content Profiles: JSON Profiles and verify that you have created a JSON profile.
  - At the bottom of the JSON profile properties screen, click Sensitive Data Configuration and verify that the "Element Name" matches the name of the parameter you are trying to protect.
  - Now the question is: are you trying to associate your JSON profile with a URL or with a parameter? If it's a URL, you need to ensure that said URL is part of the Allowed URLs list for your policy. If it is, go to the Advanced properties of the URL, and change the default value for header-based content profile to "Parsed as JSON." Then select your JSON profile from the Profile Name List menu to assign it to that URL.
  - It's easier if your JSON profile is configured to protect a parameter. First, make sure that the PWD parameter (or whatever the name is) is an allowed parameter. If it is, make sure the Parameter Value Type is "JSON value." Then select your JSON profile from the JSON Profile list to assign it to that parameter. That should do it.
- chaloempone_147
Nimbostratus
Hi all, the masking works after I changed "Request Body Handling" from "FORM data" to JSON in the URL properties menu. Thanks for every suggestion.
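
A check to run on request bodies copied from the event log after applying the policy, as an added example that is not part of the original thread or of F5's tooling: it reports which sensitive element names still appear in clear text at any nesting depth. It assumes masked values are displayed as asterisks; the function names and the masked sample body are constructed for illustration.

```python
import json

# Element name from the thread's request body; match this to your JSON profile.
SENSITIVE = {"pwd"}

def is_masked(value):
    """Assumption: a masked value is a non-empty string made only of '*'."""
    return isinstance(value, str) and value != "" and set(value) == {"*"}

def unmasked_elements(node, sensitive, path="$"):
    """Walk parsed JSON; return paths of sensitive scalar elements in clear text."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in sensitive and not isinstance(value, (dict, list)):
                if not is_masked(value):
                    hits.append(child)
            else:
                # Containers are searched for sensitive names further down.
                hits.extend(unmasked_elements(value, sensitive, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(unmasked_elements(item, sensitive, f"{path}[{i}]"))
    return hits

def audit_logged_body(body, sensitive=SENSITIVE):
    """Return (status, paths) for one request body copied from an event log entry."""
    try:
        parsed = json.loads(body)
    except ValueError:
        # Body is not JSON, so element-name matching cannot be checked here.
        return ("not-json", [])
    paths = unmasked_elements(parsed, sensitive)
    return ("leak" if paths else "ok", paths)

# Request body from the thread, as logged before the fix.
BEFORE = ('{"req":{"app":"MyMoABC","srv":"MyMoAuthen","op":"login",'
          '"header":{"pwd":"111111","user":"2222222222222"}}}')
# Constructed sample: the same body with the pwd value masked.
AFTER = ('{"req":{"app":"MyMoABC","srv":"MyMoAuthen","op":"login",'
         '"header":{"pwd":"******","user":"2222222222222"}}}')

if __name__ == "__main__":
    for label, body in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_logged_body(body))
```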
