How is Information Disclosure Prevented?
The Web Application Firewall helps prevent Information Disclosure and Improper Error Handling by letting the administrator enter text strings that contain confidential or sensitive information; no web site accessed through the Web Application Firewall is then allowed to reveal those strings in its responses. These text strings are entered on the Web Application Firewall > Settings page.
Besides matching this custom text, the Web Application Firewall also applies its information-disclosure signatures to block these kinds of leaks.
The Web Application Firewall also protects against inadvertent disclosure of credit card numbers and Social Security numbers (SSNs) in HTML web pages.
Only text and HTML responses are inspected, and only their first 512K bytes. A number that appears later in a larger page, or in a response of another content type, is not detected.
The Web Application Firewall can identify credit card and SSN numbers in various formats. For example, an SSN can be written as XXX XX XXXX or XXX-XX-XXXX. To reduce false positives, the Web Application Firewall discards candidates that do not conform to the credit card or SSN specification. For example, candidate credit card numbers are checked with the Luhn algorithm, which determines whether an n-digit number could be a valid card number; a digit string that fails the checksum is not treated as a card number. Passing the Luhn check only means the number is well-formed, not that it is an issued card number, so some false positives remain possible.
The administrator can set an appropriate action for each match: detect (log only), prevent (block), or mask the digits that could reveal the user's identity. Masking can be full or partial, using any of the following characters: #, *, -, x, X, ., !, $, or ?. A partially masked number looks like a credit card number printed on an invoice, with only some of the digits left visible.
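As an added illustration (this is not SonicWall's code and does not show how the appliance implements the feature), the following Python sketch walks through the inspection pipeline described above: restrict inspection to text responses and their first 512K bytes, match the two SSN formats and card-number candidates, drop candidates that fail the Luhn check or fall in SSN ranges the SSA never issues, then apply the detect, prevent, or mask action with one of the listed mask characters. The regular expressions, the SSN plausibility rules, and the partial-mask rule (keep the last four digits) are assumptions made for the example; the page does not specify them. The sample HTML is constructed and uses the well-known Visa test number and made-up SSNs.

```python
import re

# Mask characters the article lists as selectable for masking.
MASK_CHARS = set("#*-xX.!$?")
# Only the first 512K bytes of a text or HTML response are inspected.
INSPECT_LIMIT = 512 * 1024

# SSN written as XXX-XX-XXXX or XXX XX XXXX (the two formats the article names).
SSN_RE = re.compile(r"\b(\d{3})[ -](\d{2})[ -](\d{4})\b")
# Candidate card numbers: 13 to 19 digits, optionally grouped by spaces or dashes
# (assumed pattern; the appliance's own card formats are not documented here).
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum, check mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject ranges the SSA never issues: area 000, 666, 900-999; group 00; serial 0000."""
    a = int(area)
    if a == 0 or a == 666 or a >= 900:
        return False
    return int(group) != 0 and int(serial) != 0


def mask_number(number: str, mask_char: str = "*", partial: bool = True) -> str:
    """Replace digits with mask_char. Partial masking keeps the last four digits
    (assumed rule, chosen to resemble a card number printed on an invoice)."""
    if mask_char not in MASK_CHARS:
        raise ValueError(f"mask character must be one of {''.join(sorted(MASK_CHARS))}")
    total_digits = sum(c.isdigit() for c in number)
    keep_from = total_digits - 4 if partial else total_digits
    out, seen = [], 0
    for c in number:
        if c.isdigit():
            out.append(c if seen >= keep_from else mask_char)
            seen += 1
        else:
            out.append(c)  # keep separators so the layout survives
    return "".join(out)


def inspect_response(content_type: str, body: bytes, action: str = "mask",
                     mask_char: str = "*", partial: bool = True):
    """Scan a response for SSN/card disclosure and apply the configured action.

    action is "detect" (log only), "prevent" (drop the response; body_out is None)
    or "mask". Returns (findings, body_out); findings is a list of (kind, text).
    """
    findings = []
    media_type = content_type.split(";")[0].strip().lower()
    if not media_type.startswith("text/"):
        return findings, body  # only text or HTML pages are inspected

    # surrogateescape round-trips arbitrary bytes, so untouched text is preserved exactly.
    head = body[:INSPECT_LIMIT].decode("utf-8", errors="surrogateescape")
    tail = body[INSPECT_LIMIT:]  # beyond the limit nothing is inspected

    def handle(kind, match):
        findings.append((kind, match.group(0)))
        if action == "mask":
            return mask_number(match.group(0), mask_char, partial)
        return match.group(0)

    def on_ssn(m):
        if not ssn_plausible(*m.groups()):
            return m.group(0)  # filtered out as a false positive
        return handle("ssn", m)

    def on_card(m):
        if not luhn_valid(re.sub(r"\D", "", m.group(0))):
            return m.group(0)  # fails Luhn, so not treated as a card number
        return handle("card", m)

    head = SSN_RE.sub(on_ssn, head)  # SSNs first, so masked digits cannot form a card candidate
    head = CARD_RE.sub(on_card, head)

    if findings and action == "prevent":
        return findings, None
    return findings, head.encode("utf-8", errors="surrogateescape") + tail


# Constructed sample response: the Visa test number plus made-up SSNs.
SAMPLE_HTML = b"""<html><body>
<p>Order paid with card 4111 1111 1111 1111, shipping soon.</p>
<p>Declined card 4111-1111-1111-1112 (fails Luhn, left alone).</p>
<p>SSN on file: 123-45-6789</p>
<p>Never-issued ranges, not flagged: 000-12-3456, 987 65 4320, 666-12-3456</p>
</body></html>"""

if __name__ == "__main__":
    found, out = inspect_response("text/html; charset=utf-8", SAMPLE_HTML, action="mask")
    for kind, text in found:
        print(f"{kind}: {text}")
    print(out.decode())
```

Running the block masks the Visa test number and the plausible SSN while leaving the Luhn-failing card number and the never-issued SSN ranges untouched; switching `action` to `"prevent"` drops the whole response instead, and `"detect"` only records the findings.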