irule or ASM Dataguard to mask sensitive data.
I am trying to mask specific data on the response from an application. In the curl output below you can see the version of the app running:
GET /messenger/ HTTP/1.1 Host: xxxxx User-Agent: curl/7.54.0 Accept: /
< HTTP/1.1 200 OK < Access-Control-Allow-Origin: * < X-Request-ID: xxxxxx < Content-Type: application/json; charset=utf-8 < Content-Length: 19 < Date: Sun, 17 Mar 2019 14:21:03 GMT < Connection: keep-alive < * Connection 0 to host xxxxxxx left intact {"version":"3.4.4"}
I created the below regex and added it to dataguard but it is not masking the data:
/?:{\"version\":\"3.4.4\"})/
ASM settings: Block is enabled on the policy for Dataguard.
I have also tried the url /messenger/ in the list and nothing. What am I missing here? Also is there an irule to do the same as Dataguard?
I think it's just the regex. The documentation says it takes PCRE expressions, but maybe it's slightly different?
I put the string in the custom pattern exactly as it shows up in the response and it masks it:
HTTP/1.1 200 OK Date: Sun, 17 Mar 2019 16:14:09 GMT Last-Modified: Sun, 17 Mar 2019 15:49:08 GMT ETag: "2a-5844c365dbc0c" Accept-Ranges: bytes Content-Length: 42 Content-Type: application/json Set-Cookie: TS01ce3b70=01ab350b1380a1d499b6b31bbd8fd165e9cea5e3b49f3bb2488ec38e985de0fb0f24c3aa51ce1302f1a6ded68aff123b1f26f4d34c; Path=/; HTTPOnly {"some-data": "here"} *******************
Also, I think you'll want to disable blocking in learning and blocking for dataguard information leakage. You'll actually get a block page instead of the masked data if block is set.