Web Application Firewall (WAF) inline customers can activate anonymization by upgrading to Alert Logic appliance version 220.127.116.11, available as of September 01, 2022.
Data privacy requirements like GDPR, HIPAA, the Australian Privacy Act 1988, the UK Data Protection Act 2018, and others put restrictions on how Personally Identifiable Information (PII) must be handled. For Protected Health Information (PHI), the web application owner is required to keep data confidential and prevent anyone without a legitimate need to access data from seeing it.
Use the following solution and the additional configuration options to enable data anonymization in the Alert Logic console.
Solution – Enable Data Anonymization
Data anonymization masks client input – such as headers, request parameters, and cookies – by overwriting the data being anonymized with repeated letters of random length. When enabled, data is anonymized across all proxies within the appliance. Anonymization is irreversible and only applies to data being logged by WSM.
Follow these steps to enable data anonymization:
- In the Alert Logic console, navigate to > Configure > WAF > Appliances.
- Select Manage Appliance to the right of the appliance that you want to enable data anonymization for.
- Select System > Configuration from the left-hand navigation.
- Scroll down to section header Data Anonymization.
- Check the box to enable Data Anonymization.
- Click the question mark to view the additional details/warnings for this feature.
- Click Save Settings at the bottom-right of the screen.
Additional Data Anonymization Configuration
The following options can be found under the Enable Data Anonymization check box and allow you to further configure your data anonymization.
Source IP Masking
Source IP masking anonymizes the source IP by reducing it to a subnet. Possible values to choose from are:
- Off (default) – IP is not masked
- /24 – IP is masked within a range of 256 IP addresses – e.g. 10.10.10.10 becomes 10.10.10.0
- /16 – IP is masked within a range of 65,536 IP addresses – e.g. 10.10.10.10 becomes 10.10.0.0
- /8 – IP is masked within a range of 16,777,216 IP addresses – e.g. 10.10.10.10 becomes 10.0.0.0
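The effect of each masking option on logged data, as an added example (not Alert Logic code): it reduces an IPv4 address to its subnet and shows how many distinct sources remain visible in a log at each setting, which matters when the logs are later used for investigation. The function names and log entries are constructed for illustration, and rejecting IPv6 input is an assumption, since the options above only show IPv4.

```python
import ipaddress
from collections import Counter

# Prefix lengths for the options listed above; "Off" leaves the address unchanged.
MASK_OPTIONS = {"Off": None, "/24": 24, "/16": 16, "/8": 8}


def mask_source_ip(ip: str, option: str = "Off") -> str:
    """Reduce an IPv4 address to the network address of the chosen subnet."""
    prefix = MASK_OPTIONS[option]    # KeyError for an option not listed above
    addr = ipaddress.ip_address(ip)  # ValueError for malformed input
    if prefix is None:
        return str(addr)
    if addr.version != 4:
        # Assumption: only IPv4 masking is described, so IPv6 is rejected.
        raise ValueError("only IPv4 masking is covered by this example")
    network = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return str(network.network_address)


def distinct_sources(log_entries, option):
    """Count requests per source as they would appear in the log after masking."""
    return Counter(mask_source_ip(src, option) for src, _path in log_entries)


# Constructed sample data: (source IP, request path) pairs, not appliance output.
SAMPLE_LOG = [
    ("10.10.10.10", "/login"),
    ("10.10.10.77", "/login"),
    ("10.10.20.5", "/search"),
    ("10.99.1.1", "/login"),
    ("192.0.2.44", "/cart"),
]

if __name__ == "__main__":
    for option in MASK_OPTIONS:
        counts = distinct_sources(SAMPLE_LOG, option)
        print(f"{option:>4}: {len(counts)} distinct sources -> {dict(counts)}")
```

With the sample data, five distinct clients collapse to four, three, and two visible sources at /24, /16, and /8: wider masks give more privacy but less ability to tell clients apart in the logs.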
You can also configure exceptions so that specific request elements are not anonymized. Exceptions can be defined for named input of the following types:
- Query (both URL query elements and request body)
Click Add New to enable more than the default four exceptions.
Lock Data Anonymization
Lock data anonymization allows you to limit further configuration of the feature at two levels:
- Prevent data anonymization from being disabled locks the feature for permanent enablement. This prompts the following warning message:
- Lock data anonymization configuration locks the current configuration within the feature, such as configurations for Source IP masking or exceptions. These configurations will remain as they are once saved. This prompts the following warning message: