It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-8)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud-to-Cloud Backup

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Web Security Agent

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Firewall Policy Manager

Server Backup (Yosemite)

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup

MSP – Partner Management

MSP Knowledgebase

MSP – Partner Sales Enablement

NextGen Firewall X

Campus Help Center / Reference

TechSummit 2019

Support Services

Network Security

Barracuda Web Application Firewall

Overview Documentation Training Certification Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud-to-Cloud Backup

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Web Security Agent

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

Reporting Server

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Firewall Policy Manager

Server Backup (Yosemite)

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup

MSP – Partner Management

MSP Knowledgebase

MSP – Partner Sales Enablement

NextGen Firewall X

Campus Help Center / Reference

TechSummit 2019

Support Services

Network Security

Login Sign Up Contact & Support

United States – English (GMT-8)

Back to Knowledgebase

How can I mask sensitive data appearing in the Access Logs of the Barracuda Web Application Firewall?

Type: Knowledgebase
Date changed: 2 years ago

Solution #00005880

Scope:

This solution applies to the Barracuda Web Application Firewall, all firmware versions.

Answer:
Credit card, Social Security Numbers (SSN), or any other sensitive data can be retrieved from the access logs.

To protect this data administrator has to specify the parameters under "Web Sites > Advanced Security > Mask Sensitive Data". This option allows the administrator to specify the parameters which are considered sensitive and to be hidden under Access Logs and Web Firewall Logs.

The Barracuda Web Application Firewall replaces the value of these parameters with X's, while logging it under Access Logs and Web Firewall Logs, if present in the request.

Note: Masking sensitive data is done only for URL parameters.

Sensitive Parameter Names - Enter the comma separated list of parameters which are to be masked. For example, Password, Name.

Link to this page:

https://campus.barracuda.com/solution/50160000000IgnTAAS

Additional Resources

More

Print Share Page