How to suppress PII data Within WSS using UPE management console
Article ID: 209975
Updated On:
Products
Issue/Introduction
To address privacy requirements within WSS, Personally Identifiable Information (PII) can be removed in logs or logging can be suppressed entirely. Specific traffic reporting is not available for any data that is not logged. These privacy controls are applied to all traffic through WSS and hybrid devices.
To enable or modify PII settings within the WSS Portal, a WSS Admin can go to General settings within the Portal and navigate to the 'Data Retention and Privacy' -> 'Default privacy settings' and select a range of options to mask certain PII data.
If a WSS admin is using the UPE management console, no corresponding configuration option seems possible. How does one enable this option when not using the WSS Portal admin console?
Environment
Web Security Services Administration
Using Management Console/UPE to configure WSS
Cause
Undocumented PII options within WSS UPE management console.
Resolution
For UPE customers the “Log All Traffic Normally” option is enabled by default and WSS administrators can suppress the following log fields using the CPL code below, which suppresses the username, group name, and client IP. To remove suppression of any of these specific field values, simply remove the statement from the line of CPL code.
<proxy>
log.rewrite.cs-userdn("Suppressed") log.rewrite.cs-user("Suppressed") log.rewrite.cs-auth-groups("Suppressed") log.rewrite.cs-auth-group("Suppressed") log.rewrite.c-ip("0.0.0.0")
Feedback
