Barracuda Web Application Firewall

How to Mask Sensitive Data in Logs

  • Last updated on

The data masking feature of the Barracuda Web Application Firewall obscures sensitive data elements before they are logged. Sensitive values in the URL parameters of a request, such as social security numbers, credit card information, or other proprietary data, can be protected from unauthorized exposure in the logs. Data masking is configured per application, using parameter names to identify the sensitive data. Logged data appears in BASIC > Access Logs, with the sensitive data overwritten by 'X' characters.

  • Masking cannot be applied to sensitive data in custom parameters or custom headers.
  • Once masked, the original data cannot be retrieved, recovered, or restored.

To configure Data Masking, perform the following steps:

  1. Go to the WEBSITES > Advanced Security page, Mask Sensitive Data In Logs section.
  2. Click Edit next to the service for which masking is necessary.
  3. In the Mask Sensitive Data window, enter the names of sensitive parameters. You can provide multiple parameter names separated by commas with no spaces between. Example: cardId,securityNumber,password

    Always begin the parameter name with an alphabetic character, an underscore (_), a dollar sign ($), or the asterisk (*) wildcard character. The asterisk (*) wildcard on its own masks all parameters in the URL.
    In addition, the following characters can be used anywhere in the parameter name: alphanumeric characters, underscore (_), hyphen (-), dot (.), colon (:), dollar sign ($), at sign (@), hash (#), asterisk (*), square brackets ([]), and percent sign (%).
     
    Examples:
    Example 1: If your requests contain the parameters “address_line_1, address_line_2, address_line_3, etc.”, use “address_line*” to mask this data.
    Example 2: If your requests contain the parameters “Password, password_field, passwd, passwd_entry, etc.”, use “pass*” to mask this data.
    Example 3: If your requests contain the parameters “phone_number, id_number, user_number, card_number, etc.”, use “*number” to mask this data.
    Example 4: If your requests contain the parameters “username, nominee_name, mother_name, father_name, spouse_name, etc.”, use “*name” to mask this data.
  4. Click Save.
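
To check which parameters a candidate list would cover before saving it, the following added example (not Barracuda code) models the naming rules and wildcard examples above in Python. It assumes case-insensitive matching, inferred from Example 2, and one X per masked character; the sample URL and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Character rules as stated on this page: the first character is a letter,
# "_", "$" or "*"; later characters may also be digits and - . : @ # [ ] %
_FIRST = r"[A-Za-z_$*]"
_REST = r"[A-Za-z0-9_\-.:$@#*\[\]%]*"
_VALID = re.compile(_FIRST + _REST)


def parse_mask_list(spec):
    """Split a comma-separated list (no spaces) and reject names that break the rules."""
    names = spec.split(",")
    bad = [n for n in names if not _VALID.fullmatch(n)]
    if bad:
        raise ValueError(f"invalid parameter name(s): {bad}")
    return names


def _to_regex(name):
    # "*" matches any run of characters; everything else is literal.
    # Assumption: matching ignores case, inferred from Example 2
    # ("pass*" is said to cover "Password").
    body = ".*".join(re.escape(part) for part in name.split("*"))
    return re.compile(body, re.IGNORECASE)


def mask_query(url, spec):
    """Return (name, value) pairs as they would be logged, matched values X-ed out."""
    patterns = [_to_regex(n) for n in parse_mask_list(spec)]
    logged = []
    for key, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if any(p.fullmatch(key) for p in patterns):
            value = "X" * len(value)  # assumption: one X per original character
        logged.append((key, value))
    return logged


# Constructed sample request, not taken from a real log.
SAMPLE = ("https://shop.example/checkout?user=alice&card_number=4111111111111111"
          "&Password=hunter2&address_line_1=1+Main+St&qty=2")

if __name__ == "__main__":
    for k, v in mask_query(SAMPLE, "pass*,*number,address_line*"):
        print(f"{k}={v}")
```

Parameters that stay readable in the output (here `user` and `qty`) are the ones the list does not cover, which makes gaps in a pattern list easy to spot before real data reaches the access logs.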