iRule Approach to Mask Authorization Header for Bot Defense Logging – Validation Needed
I am working on masking sensitive information (specifically the Authorization header) from being exposed in Bot Defense logs on F5 BIG-IP Bot Defense, as there is currently no native feature available to mask the BOT request. To address this, I have implemented the following iRule: when HTTP_REQUEST { # Unique ID per request (handles keep-alive correctly) set req_id [HTTP::request_num] if {[HTTP::header exists "Authorization"]} { # Save original header for later restore set auth($req_id) [HTTP::header value "Authorization"] # Mask BEFORE Bot Defense inspects/logs HTTP::header replace "Authorization" "Bearer *******************************************************************************" } } when HTTP_REQUEST_RELEASE { # This runs AFTER Bot Defense logging but BEFORE server send set req_id [HTTP::request_num] if {[info exists auth($req_id)]} { # Restore original header for the application HTTP::header replace "Authorization" $auth($req_id) # Clean up memory unset auth($req_id) } } Is this iRule approach valid and reliable? Any suggestions for improvement or enhancement would be greatly appreciated.