Forum Discussion

Nimbostratus

Mar 09, 2016

Is there a way to mask JSESSIONID?

My understanding of Data Mask is for masking response only, not for request. Is it correct? I tried to mask the JESSIONID value because I do not want it to show on the alerts and splunk log. ...

Nimbostratus

Mar 09, 2016

The first step to solve your issue is to determine what JSESSIONID is for your application - a Cookie, a Header, a Payload Parameter(POST) or a URI Parameter? JSESSIONID used to be a universal name for session cookies, but nowadays it's used in many different ways.

In any case, if that's a cookie which is inserted by BigIP, and is only significant for the balancing/persistency decisions in BigIP; it should not be a problem to use a substitution value. If that cookie has a significant function for the end-server or other middleware, there are more things to consider.

Your understanding about Data Guard is correct. It's only use is to mask the sensitive data values from the end-user, not from the back-end systems.

Forum Discussion

Is there a way to mask JSESSIONID?

Recent Discussions

URL

Problems connecting to vpn after upgrading to ubuntu 24.04

Wildcard SSL Certificate Deployment on F5 LTM

iRule resulting in too many redirects

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

Related Content

Weblogic JSessionID Persistence

Response port masking

Weblogic JSessionID Persistence for Session Replication

URI Masking

Masking a URL?