Dave_Pisarek_25
Mar 17, 2019Nimbostratus
Solved
irule or ASM Dataguard to mask sensitive data.
I am trying to mask specific data on the response from an application. In the curl output below you can see the version of the app running:
GET /messenger/ HTTP/1.1
Host: xxxxx
User-Agent: curl...
- Mar 17, 2019
I think it's just the regex. The documentation says it takes PCRE expressions, but maybe it's slightly different?
I put the string in the custom pattern exactly as it shows up in the response and it masks it:
HTTP/1.1 200 OK Date: Sun, 17 Mar 2019 16:14:09 GMT Last-Modified: Sun, 17 Mar 2019 15:49:08 GMT ETag: "2a-5844c365dbc0c" Accept-Ranges: bytes Content-Length: 42 Content-Type: application/json Set-Cookie: TS01ce3b70=01ab350b1380a1d499b6b31bbd8fd165e9cea5e3b49f3bb2488ec38e985de0fb0f24c3aa51ce1302f1a6ded68aff123b1f26f4d34c; Path=/; HTTPOnly {"some-data": "here"} *******************
Also, I think you'll want to disable blocking in learning and blocking for dataguard information leakage. You'll actually get a block page instead of the masked data if block is set.