Configuring a confidentiality policy on a Collector
To manage what private data the system obscures, deletes, or leaves unchanged, the Security role configures one or more confidentiality policies for cookies, POST parameters, URI path parameters, or URI query parameters.
Traffic elements and keys used by confidentiality policies
The system can obscure or delete private data according to policies that you configure for each of the following elements of traffic data:
Cookie key names are case insensitive. Cookie values, however, are case sensitive.
POST command parameters
Forms are a common feature of websites, used as means of getting information from end users to authentication engines, reservation systems, help desk and e-commerce applications. Logon credentials, credit card numbers, and so forth, are transmitted to the server by the parameters of the
URI path and query parameters
Web applications use Unified Resource Identifiers (URIs) to identify Internet resources. Both the path and query segments of a URI can contain private or otherwise sensitive data. The following table lists example URIs with the path and query parameters:
URI examples showing path and query segments
With path parameters
With query parameters
Keys for applying policies to traffic elements
For each element, you must identify keys and specify how the system will handle the element. For example, the system can apply MD5 hashing to obscure the value associated with a given key, it can delete the value only, or it can delete the entire name-value pair. You can also instruct the system to leave the data unchanged. Refer to the following table to see how the system handles data:
Options for handling private data
You can use the asterisk character (*) as a wildcard for matching in any key name. For example, typing
ASPsessionid* to create a rule for cookies will match
ASPsessionid2293C100, as well as
POST parameter keys are case sensitive.
For keys that are not explicitly identified, the system provides "catch-all" rules.
To configure a confidentiality policy for
POST command parameters
To configure separate rules for individual keys, use the asterisk character (*) as a wildcard in key names and change the processing order. For keys that are not explicitly identified, you can set the "catch-all" rule.
The procedure for configuring confidentiality policies is the same for all traffic elements. The following example shows how to configure a confidentiality policy for
POST command parameters. To perform this procedure, you must have
In the Real User Collector component, point to the Administration > Security settings, and then click Confidentiality policy.
- On the Action menu for the Confidentiality for Post - Param section, click Add.
In the Key column, type creditcard, and then click Hash.
If you do not know what key name corresponds with a given
POSTcommand parameter, click the lookup to get a list of observed values. In this example, if you open the list of observed values, it shows information about credit card and password (and possibly other key names).
- In the same way, add a confidentiality policy for passports, by typing passport in the Key box.
- Click Save.
The system now obscures passwords and credit card numbers.