NimbostratusMy understanding of Data Mask is for masking response only, not for request. Is it correct?
I tried to mask the JESSIONID value because I do not want it to show on the alerts and splunk log.
Thanks!!
CirrostratusHi, I would definitely look at this similar conversation, hope this will help.
https://devcentral.f5.com/questions/masking-jsessionid-with-asm
If this not solve the issue, i am just thinking of data guard with exception pattern but not sure though..
cheers,
NimbostratusThe first step to solve your issue is to determine what JSESSIONID is for your application - a Cookie, a Header, a Payload Parameter(POST) or a URI Parameter? JSESSIONID used to be a universal name for session cookies, but nowadays it's used in many different ways.
In any case, if that's a cookie which is inserted by BigIP, and is only significant for the balancing/persistency decisions in BigIP; it should not be a problem to use a substitution value. If that cookie has a significant function for the end-server or other middleware, there are more things to consider.
Your understanding about Data Guard is correct. It's only use is to mask the sensitive data values from the end-user, not from the back-end systems.