For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

chaloempone_147's avatar
chaloempone_147
Icon for Nimbostratus rankNimbostratus
Feb 23, 2015

Sensitive data configuration for JSON parameter

Hi expert I want to mask data to prevent operators see some sensitive data in ASM event logs. When user login to my application, event log will show a record of http request like this. {"req":{"app...
ASM Advanced WAF
management
security
Erik_Novak's avatar
Erik_Novak
Icon for Employee rankEmployee
Feb 23, 2015

  1. Go to Security >> Application Security: Content Profiles: JSON Profiles and verify that you have create a JSON profile.

     

  2. At the bottom of the JSON profile properties screen, click Sensitive Data Configuration and verify that the "Element Name" matches the name of the parameter you are trying to protect.

     

  3. Now the question is are you trying to associate your JSON profile with a URL or with a parameter? If it's a URL, you need to ensure that said URL is part of the Allowed URLs list for your policy. If it is, go to the Advanced properties of the URL, and change the default value for header-based content profile to "Parsed as JSON." Then select your JSON profile from the Profile Name List menu to assign it to that URL.

     

  4. It's easier if your JSON profile is configured to protect a parameter. First, make sure that the PWD parameter (or whatever the name is) is an allowed parameter. If it is, make sure the Parameter Value Type is "JSON value." Then select your JSON profile from the JSON Profile list to assign it to that parameter. That should do it.