Forum Discussion
- Richard__HarlanHistoric F5 Account
If the web App uses a cookie to set the user name you can use that to pick a security profile one with Data guard enabled and one with it disabled.
- Ziad_K_49340Nimbostratus
hello richard,
how can i check the above solution? should i do it using an irule?
how can i check if the web apps support a cookie?
BR, Ziad
- Richard__HarlanHistoric F5 Account
You would have to do it in a iRule.
To get the cookie you would do something like the following
set username [[HTTP::cookie] ]
Then you can compare the username to a data group to see if what policy to enable.
https://devcentral.f5.com/wiki/iRules.class.ashx
now the one thing I am not sure about is if you need to start the iRule with ASM::disable then enable it with the correct policy.
- hooleylistCirrostratus
Do you want to mask credit card numbers in the actual requests/responses or just in the BIG-IP ASM GUI/logs? If the former, Richard's approach seems like it could work. If the latter, I don't think this makes sense to attempt. All CC's and sensitive data should be masked for administrative BIG-IP users.
Aaron
- ArieAltostratus
If the application provides all users access to the full credit card number and you're attempting to mask it for certain users, I'm wondering if the application is PCI-DSS compliant...
- Ziad_K_49340Nimbostratus
hello guys, thank you so much for your kind support. actually the users search for a case number in the web application and in this case number in the response page there is a grid where there is a field called credit card number.. the customer want for some users to show this credit card numbers.. for others to be masked.. this is what i really want. i have attached an example when the credit card are masked. i want the same grid for another user not to be masked the first field..
- ArieAltostratus
Sounds like a PCI-DSS audit nightmare waiting to happen... Something is amiss if the application can't handle this.
On the other hand, are you sure that the card numbers are actually available for display? The left column shows only asterisks - where's the masking being done?
- Ziad_K_49340Nimbostratus
hello Arie, sorry maybe there is a misunderstanding from my side. what i meant by masking is the asterisks. to hide the number of the credit card from being displayed using the asterisks.
- ArieAltostratus
I'm afraid I still don't completely understand. Does the application normally display the card numbers and are you trying to mask them for certain users?
- Ziad_K_49340Nimbostratus
Yes this is exactly what i want.. the application by default display the card numbers. i want for certain users to mask them using the asterisks and for other users to leave them in clear text as they are.