
Manage Cookie. How to avoid logging sensitive information?

Question asked by moedevops on Dec 4, 2018
Latest reply on Dec 19, 2018 by moedevops

Hello.

Within the routing of a request I remove unneeded authentication cookies. They contain sensitive information in terms of identification tokens. So I use the "Manage Cookie" Assertion to delete some cookies. Works fine.

But within the CA API GW logs I see the cookie transformation (update or delete), with the whole values of cookies logged in the clear. I would like to not log these values by default. How could this be done?

 

I read "How to completely disable all logging for a policy?" and tried the assertion "Audit Message in Policy" in order to raise the log level to warning as opposed to info. It seemed nice also in terms of granularity: I could change the logging level for a given policy as opposed to making an API GW level change. No success: sensitive info still logged. I suppose this assertion changes the *audit* level but not the *log* level.

Ideas?

--

Gilles
