how to specific query parameter value in aws application load balancer access logs and cloudfront access logs

Question

I have configured aws cloudfront access logs and aws application load balancer access logs. Now they logs every query string. But I have password value in the query string as well and that value I would like to mask or hide. Is it possible in aws application load balancer access logs or cloudfront logs

score 0 · Answer 1 · answered Dec 04 '18 at 04:20

CloudFront and ALB do not provide a way to suppress this logging... but sensitive data does not belong in the query string.

See, for example, the OWASP article on Information Exposure through Query Strings in URL for further information on this vulnerabity and this post on Information Security Stack Exchange.

how to specific query parameter value in aws application load balancer access logs and cloudfront access logs

1 Answers1