F5 Data Guard - Expose last 4 digits for Custom Pattern
Hi, as from the screenshot below, we are able to choose to expose the last 4 digits for credit card numbers and U.S. Social Security Numbers. How about if we want to expose the last 4 digits for the custom patterns? It doesn't seem to have this option available. Anyone got idea on how to do so? Let's say the phone number or email address are considered as sensitive information and we don't want to mask the entire phone number and email address.F5 AWAF Data Guard
According to the online resources, the data guard features will mask response containing sensitive data or block the response. However, if the application itself displays the sensitive information which might be not from the response, will the sensitive information be masked or blocked?Data Guard exeption patterns configured via tmsh.
Hello Everyone, we have enabled Data Guard in our ASM policy and it works most of the time good ;). From time to time it happen that legit account nr. is validated as credit card nr. and so is blocked. We need than to add this pattern as exception - there is no problem to add this exception via GUI , however I'd like to ask if there is option to add this pattern via tmsh ? Thank you. Y
Data Guard Option not working
Hi All, I have a Rapid Deployment security policy, with learn, alarm and block settings enabled for Data Guard as well. But when i try to access the application, credit card number is not getting masked. Any suggestions what else I might be missing ? Big-IP version: 13.1.1Configuring monitor for DataGuard Oracle
Hi Experts, do you have guide where I can use as a reference in configuring DataGuard Oracle? I used this Deployment Guide but didnt work on me, https://www.f5.com/pdf/deployment-guides/oracle-rac-database-dg.pdf. I am thinking that this is something to do with the connection string that we configured. Connection string configured: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=db01)(PORT=1524))(CONNECT_DATA=(SERVICE_NAME=db.client.org))(SERVER=dedicated))
How "transparent" is transparent mode in ASM?
When setting up Application Security Manager, it's standard to set a security policy to "transparent" for a virtual server, watch what violations it catches, revise as needed and then change from transparent to blocking mode. It turns out transparent mode is not completely transparent and can break an application, even with simple defaults from a rapid deployment security policy. The Data Guard feature will, by default, replace a string of digits with asterisks if it thinks it may be a credit card or social security number. That can break an application if, for instance, that string of digits was in a critical piece of javascript code. It can of course be turned off by unchecking the Mask Data option in Data Guard, or by exempting certain URLs. Until this happened, I thought transparent mode was fairly safe to turn on, so I'd like to know what other features, especially those on by default, could interfere with a virtual server's traffic. ASM will add cookies by default, but I haven't seen that cause a problem yet. I don't know of any others on by default, but think that if the Web Scraping or Brute Force features are enabled, their client side integrity defense would be sending a javascript challenge to the client even in transparent mode. Anything else I'm missing? Any other caveats to applying a transparent mode ASM security policy?
ASM: Data Guard (Credit Card Number) Exception Rules
Hi Folks I'm having grief with Data Guard Credit Card processing. I have a bunch of web pages that use SVG graphics, and Data Guard is incorrectly detecting credit card numbers and masking some of the data used to render the graphic. If the ASM policy is in transparent mode it masks some of the data (with asterisks, and this distorts the rendered graphic), and if the policy is in blocking mode it blocks the page outright. It's definitely the credit card feature because if I disable this in Data Guard everything works normally. The data in question is contained between tags that explicitly starts with " ThanksASM Data Guard using custom pattern to mask sensitive data in HTTP-request header
I would like to use ASM Data Guard custom pattern to mask sensitive data that captured in http request header. The data that i want to mask is username and password within the http-request post Header. I want to mask following data __Requesttokanverification=nmsjfueotueihvbnxikwhjslkqjsdfgjhiertjdfgjkk&Username=joe&Password=test I've written following Reg pattern it doesn't work __Requesttokenverification=\w+\w+\w+&Username=\w+\d+&Password=\w+\d+
