search cancel

Cannot change PII settings to match what is required from customer


Article ID: 257139


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Cloud SWG Portal provides a number of different combinations in terms of suppressing information written to log files. 

What happens if the admin requires privacy settings that are not available in Portal e.g. if we want to suppress the user and group information, but log the device information in clear text which is not one of the options below.

Are there additional options to provide more granular PII settings?


PII settings within Cloud SWG Portal.



Portal limitation.


If Cloud WSG is administered through UPE, then we can simply add CPL statements to suppress any fields 

For Portal based administrator, contact Broadcom support to have the changes made on the back end. In the above example and selecting to suppress the user/group/device information, we added the following change to avoid suppressing the device information:

<Proxy PutDeviceNameBack>
    log.rewrite.x-client-device-name( "$(x-client-device-name)" )

<Proxy PutDeviceIdBack>
    log.rewrite.x-client-device-id( "$(x-client-device-id)" )


Additional Information

With the changes, the access log entries show the user/group info suppressed (Orange), but the device ID (green) is in clear text.

12345 2022-11-21 09:51:56 "DP2-GDKCP1_proxysg1" 178 "Suppressed" "/l5QT+9THDaupKy0FzhMn8s=" GOoemu5wVp61k65iPvfqsgVf9xmX+388= "Suppressed" - OBSERVED "Shopping" - 200 TCP_NC_MISS GET text/plain https 443 /g/collect ?v=2&tid=G-L169VKKGCN&gtm=2reb90&_p=2082124206&tt=dk&cid=2040237574.1668194130&ul=da-dk&sr=1920x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B104.0.5112.81%7C%2520Not%2520A%253BBrand%3B99.0.0.0%7CGoogle%2520Chrome%3B104.0.5112.81&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&_eu=EA&_s=1&sid=1669024287&sct=8&seg=1& - "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ Safari/537.36" 793 2504 - cas_group - "{ %22expect_sandbox%22: false }" no - - - 0 "client" client_connector "-" "-" "United States" CERT_VALID none - - TLSv1.3 TLS_AES_128_GCM_SHA256 128 "Shopping" TLSv1.3 TLS_AES_128_GCM_SHA256 128 "Suppressed" ICAP_NOT_SCANNED - ICAP_NO_MODIFICATION - "United States" - "Denmark" 3 3 wss-agent architecture=x86_64%20name=Windows%2010%20Enterprise%20version=10.0.19042 ac8dc379-1ae5-487f-b3d4-9dbfdc16d487 ID-7261 - - - - SSL_Intercept_1 - - - - - c1123429da12e05d-0000000009e7f84a-00000000637b4a3b "DK" "Denmark" - - -