Configuring Information Disclosure Protection
Under Information Disclosure Protection, you can protect against inadvertent disclosure of credit card and Social Security numbers (SSN) in HTML Web pages. You can also enter confidential text strings that should not be revealed on any Web site protected by Web Application Firewall.
To configure information disclosure protection
Expand the Information Disclosure Protection section. The table contains a row for each possible pattern or representation of a social security number or credit card number that Web Application Firewall can detect in the HTML response.
- Select Enable Credit Card/SSN Protection.
- In the Mask Character drop-down menu, select the character to be substituted when masking the SSN or credit card number.
In the table, select the level of protection desired for each representation of an SSN or credit card number. You can select one of the following in each row:
- Disabled – Do not match numbers in this format. No logging or masking is done.
- Detect – Detect numbers in this format and create a log entry when detected.
- Mask Partially – Substitute the masking character for the all digits in the number, except the last few digits such that the confidentiality of the number is still preserved.
- Mask Fully – Substitute the masking character for all digits in the number.
- Block – Do not transmit or display the number at all, even in masked format.
- Below the table, in the Block sensitive information within HTML pages text box, type confidential text strings that should not be revealed on any Web site protected by Web Application Firewall. This text is case insensitive, can include any number of spaces between the words, but cannot include wildcard characters. Add new phrases on separate lines. Each line is pattern matched within any HTML response.
- When finished, click Accept.
Was This Article Helpful?
Help us to improve our support portal