Forum Discussion

Narendren_S
Nov 03, 2018

Client Side Sensitive Parameter Encryption

Hi All, We have set some of the parameters as sensitive for the login pages and confirmed that all those sensitive parameter values are masked in the ASM logs.

 

Query: Will the ASM Sensitive Parameter feature mask the sensitive parameter values only in the ASM logs? (Verified the parameter values at the client browser and proxy (Fiddler) and confirmed the sensitive parameter values are not encrypted.)

 

If ASM Sensitive Parameter and WebSafe Credential Protection are different features, please suggest alternate options like an iRule to enable sensitive parameter encryption at the client side. Note: BIG-IP is licensed with ASM and LTM.

 

1 Reply

  • ASM only protects the server side (requests which made it from the user's browser to F5). If a user types a password/credit card in their browser and doesn't click the Submit button, there is no way ASM can protect it, as this password has not reached ASM yet.

     

    If you want to protect the client side from man-in-the-browser malware, you need WebSafe and Advanced WAF.