Configuring confidentiality policies

To manage what private data the system obscures, deletes, or leaves unchanged, the Security role configures one or more confidentiality policies:

  • Confidentiality policy for cookies
  • Confidentiality policy for POST parameters
  • Confidentiality policy for URI path parameters
  • Confidentiality policy for URI query parameters

To configure separate rules for individual keys, use the asterisk character (*) as a wildcard in key names and change the processing order. For keys that are not explicitly identified, you can set the "catch-all" rule.

Example

By default, the system deletes all POST parameters. You want to add rules that obscure credit card numbers and passwords.

To configure a confidentiality policy for POST command parameters

The procedure of configuring confidentiality policies is the same for all traffic elements. The following example shows how to configure a confidentiality policy for POST command parameters.

The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

  1. In the

    The macro unmigrated-inline-wiki-markup from Confluence is no longer available.

    component, point to the Administration > Security settings, and then click Confidentiality policy.
  2. On the Action menu for the Confidentiality for Post - Param section, click Add.

  3. In the Key column, type creditcard, and then click Hash

    Note

    If you do not know what key name corresponds with a given POST command parameter, click the lookup to get a list of observed values. In this example, if you open the list of observed values, it shows information about credit card and password (and possibly other key names).

  4. In the same way, add a confidentiality policy for passports, by typing passport in the Key box.
  5. Click Save.

Result

The system now obscures passwords and credit card numbers.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*