We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
Accept
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda Web Application Firewall
Overview Documentation Training Certification Materials

Back to Knowledgebase

How can I mask sensitive data appearing in the Access Logs of the Barracuda Web Application Firewall?

  • Type: Knowledgebase
  • Date changed: 7 months ago

Solution #00005880


Scope:

This solution applies to the Barracuda Web Application Firewall, all firmware versions.

Answer:
Credit card, Social Security Numbers (SSN), or any other sensitive data can be retrieved from the access logs.

To protect this data administrator has to specify the parameters under "Web Sites > Advanced Security > Mask Sensitive Data". This option allows the administrator to specify the parameters which are considered sensitive and to be hidden under Access Logs and Web Firewall Logs.

The Barracuda Web Application Firewall replaces the value of these parameters with X's, while logging it under Access Logs and Web Firewall Logs, if present in the request.

Note: Masking sensitive data is done only for URL parameters.

Sensitive Parameter Names - Enter the comma separated list of parameters which are to be masked. For example, Password, Name.

Link to this page:

https://campus.barracuda.com/solution/50160000000IgnTAAS