What Happened?
Sensitive information e.g. password, CSRF, and credit card number are visible in the logs. How can I mask that information?
Environment
- F5® Distributed Cloud WAF
Resolution/Answer
To mask sensitive information in the logs:
- Go to AppFirewall -> Advanced Configuration -> Mask Sensitive Parameters in Logs
- Select Custom option
- Configure list of headers/cookies/query parameters that you want to anonymize
- Enable WAF for HTTP loadbalancer and associate this AppFirewall with that loadbalancer.