Azure’s regional Web Application Firewall (WAF) running on Application Gateway now supports sensitive data protection through log scrubbing. When a request matches the criteria of a rule and triggers a WAF action, that event is captured in the WAF logs. WAF logs are stored as plain text for debuggability, so any matched values that contain sensitive customer data, such as IP addresses, passwords, and other personally identifiable information, can end up in the logs as plain text. To help safeguard this sensitive data, you can now create log scrubbing rules that replace the sensitive data with “******”.
Sensitive data protection using log scrubbing supports the creation of rules using the following variables:
- Request Header Names
- Request Cookie Names
- Request Arg Names
- Request Post Arg Names
- Request JSON Arg Names
- Request IP Address
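To check that scrubbing rules cover the fields an application treats as sensitive, an exported WAF policy can be audited offline. The script below is an added example, not Microsoft's code. The JSON field names (`logScrubbing`, `scrubbingRules`, `matchVariable`, `selectorMatchOperator`, `selector`, `state`) are assumed to follow the ARM WAF policy schema and should be confirmed against the API version in use. The sample policy and the `REQUIRED` inventory are constructed.

```python
import json

# Constructed sample of an exported WAF policy (field names are an assumption,
# modelled on the ARM policySettings.logScrubbing section).
SAMPLE_POLICY = json.loads("""
{"properties": {"policySettings": {"logScrubbing": {
  "state": "Enabled",
  "scrubbingRules": [
    {"matchVariable": "RequestHeaderNames", "selectorMatchOperator": "Equals",
     "selector": "Authorization", "state": "Enabled"},
    {"matchVariable": "RequestPostArgNames", "selectorMatchOperator": "Equals",
     "selector": "password", "state": "Disabled"},
    {"matchVariable": "RequestCookieNames", "selectorMatchOperator": "EqualsAny",
     "state": "Enabled"}
  ]}}}}
""")

# Hypothetical inventory of (variable, selector) pairs that must never be
# logged in plain text. A selector of None means "the variable as a whole".
REQUIRED = [
    ("RequestHeaderNames", "Authorization"),
    ("RequestCookieNames", "session_id"),
    ("RequestPostArgNames", "password"),
    ("RequestJSONArgNames", "ssn"),
    ("RequestIPAddress", None),
]

def covers(rule, variable, selector):
    """True if an enabled rule scrubs this variable/selector pair."""
    if rule.get("state") != "Enabled" or rule.get("matchVariable") != variable:
        return False
    if rule.get("selectorMatchOperator") == "EqualsAny":
        return True  # rule applies to every name under this variable
    # Exact comparison is the conservative choice for an audit.
    return selector is not None and rule.get("selector") == selector

def uncovered(policy, required):
    """Return the required pairs that no enabled scrubbing rule covers."""
    scrub = policy["properties"]["policySettings"].get("logScrubbing", {})
    if scrub.get("state") != "Enabled":
        return list(required)  # scrubbing switched off: nothing is protected
    rules = scrub.get("scrubbingRules", [])
    return [(v, s) for v, s in required
            if not any(covers(r, v, s) for r in rules)]

if __name__ == "__main__":
    for variable, selector in uncovered(SAMPLE_POLICY, REQUIRED):
        print(f"not scrubbed: {variable} {selector or '(all)'}")
```

The disabled `password` rule is reported as a gap, which is the case most easily missed when reviewing a policy by eye.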
Learn more about log scrubbing rules.
Learn how to create your own log scrubbing rules for sensitive data protection.