How to suppress PII data Within WSS using UPE management console
search cancel

How to suppress PII data Within WSS using UPE management console


Article ID: 209975


Updated On:


Cloud Secure Web Gateway - Cloud SWG


To address privacy requirements within WSS, Personally Identifiable Information (PII) can be removed in logs or logging can be suppressed entirely. Specific traffic reporting is not available for any data that is not logged. These privacy controls are applied to all traffic through WSS and hybrid devices.

To enable or modify PII settings within the WSS Portal, a WSS Admin can go to General settings within the Portal and navigate to the 'Data Retention and Privacy' -> 'Default privacy settings' and select a range of options to mask certain PII data.


If a WSS admin is using the UPE management console, no corresponding configuration option seems possible. How does one enable this option when not using the WSS Portal admin console? 


Web Security Services Administration

Using Management Console/UPE to configure WSS


Undocumented PII options within WSS UPE management console.


For UPE customers the “Log All Traffic Normally” option is enabled by default and WSS administrators can suppress the following log fields using the CPL code below, which suppresses the username, group name, and client IP. To remove suppression of any of these specific field values, simply remove the statement from the line of CPL code.
log.rewrite.cs-userdn("Suppressed") log.rewrite.cs-user("Suppressed") log.rewrite.cs-auth-groups("Suppressed") log.rewrite.cs-auth-group("Suppressed") log.rewrite.c-ip("")