Ziad_K_49340
Jan 13, 2014

Masking credit card numbers based on username

Dears, I am trying to use credit card masking in a web application using the ASM, but the customer wants to mask the credit card for a specific user, and for other users he wants to leave the credit card number as it is. The authentication is done on the web application side.

Any hints?


12 Replies

  • Arie

    Although it's technically possible to mask the credit card numbers for certain users (or, preferably, not mask them for certain users), it would be tricky at best.

    Furthermore, since you're dealing with credit card information you're required to comply with the PCI-DSS (standards set by the Payment Card Industry - applies to anyone dealing with credit card data).

    If the application is already showing the card numbers to everyone and it cannot be configured to show the card numbers for only certain users, my guess is that the application itself violates the PCI-DSS. If that's true you have much bigger problems than trying to hide the numbers in certain situations...


  • M_4

    If the app is APM protected, this is really easy. 🙂

    Use the CCN scrubber code (https://devcentral.f5.com/articles/irule-ccn-scrubber) and just add a user check around the masking portion.

     

    if { [ACCESS::session data get "session.logon.last.username"] ne "username to allow cc access" } { mask CCN }
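
One way the user check suggested above could wrap a response-masking iRule, as an added example that is not part of the original posts and not the code from the linked CCN scrubber article. It assumes an APM access profile on the virtual server; the username "billing_admin", the 13 to 16 digit candidate pattern and the roughly 1 MB collection cap are constructed for illustration.

```tcl
# Added example. Assumes APM is attached to the virtual server.
# "billing_admin" is a constructed placeholder username.
when HTTP_REQUEST {
    # Fail closed: mask unless the access session says otherwise.
    set mask_ccn 1
}
when ACCESS_ACL_ALLOWED {
    # Exact match on the APM logon name; every other user stays masked.
    if { [ACCESS::session data get "session.logon.last.username"] eq "billing_admin" } {
        set mask_ccn 0
    }
}
when HTTP_RESPONSE {
    # Buffer text responses (capped near 1 MB) so the body can be inspected.
    if { $mask_ccn && [HTTP::header "Content-Type"] starts_with "text/" } {
        set len 1048000
        if { [HTTP::header exists "Content-Length"] && [HTTP::header "Content-Length"] < $len } {
            set len [HTTP::header "Content-Length"]
        }
        if { $len > 0 } { HTTP::collect $len }
    }
}
when HTTP_RESPONSE_DATA {
    # Candidates: 13 to 16 digits, optionally split by single spaces or dashes.
    set body [HTTP::payload]
    foreach idx [regexp -all -inline -indices {\d(?:[ -]?\d){12,15}} $body] {
        set start [lindex $idx 0]
        set span [expr {[lindex $idx 1] - $start + 1}]
        set digits [string map {" " "" "-" ""} [string range $body $start [lindex $idx 1]]]
        # Luhn (mod 10) check, right to left, to cut false positives.
        set sum 0
        set dbl 0
        for { set i [expr {[string length $digits] - 1}] } { $i >= 0 } { incr i -1 } {
            set d [string index $digits $i]
            if { $dbl } {
                set d [expr {$d * 2}]
                if { $d > 9 } { incr d -9 }
            }
            incr sum $d
            set dbl [expr {!$dbl}]
        }
        if { $sum % 10 == 0 } {
            # Same-length replacement keeps the remaining indices valid.
            HTTP::payload replace $start $span [string repeat "X" $span]
        }
    }
}
```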