ASM hide parameter sensitive data in the logs
hi, I am trying to hide (mask) sensitive data for parameters such as password, social id, etc. I added a parameter in the (Security --> Application Security --> Parameters --> Sensitive Parameters) without success. I also added a parameter in the parameters' list, no luck. the password is still in clear text in the logs. my os version is 12.3.1, I am using POST requests and the parameters are in the header as follows:
POST /myloginpage HTTP/1.1 Host: mysite.com Connection: keep-alive Content-Length: 1412 Cache-Control: max-age=0 Origin: https://mysite.com Upgrade-Insecure-Requests: 1 Content-Type: application/x-www-form-urlencoded User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8 Referer: https://mysite.com Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9,fr;q=0.8 Cookie : cookie....
NAME_2_AJXButtonAction&C2__LOGIN%5B1%5D.ACCESSCODE=myuser&C2__LOGIN%5B1%5D.FORMPASSWORD=mypass
any hint ?
thank you.
om