Bug ID 611151: An upper case JSON sensitive parameter is not masked when ASM policy is case-insensitive

Last Modified: Nov 07, 2022

Bug Tracker

Affected Product:  See more info
BIG-IP ASM(all modules)

Known Affected Versions:
12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2

Fixed In:
13.0.0, 12.1.2 HF1

Opened: Aug 16, 2016
Severity: 3-Major


If you configure a sensitive parameter with an upper-case character (like "Password"), the data masking does not take place. When the sensitive parameter is all lower-case (like "password"), the data masking takes place as expected.


no data masking for a JSON sensitive parameter


ASM provisioned ASM policy is case-insensitive JSON profile, w/ a sensitive parameter with an upper-case character



Fix Information

We've made sure that JSON parameters are always treated as case sensitive, regardless of the ASM policy case sensitivity setting.

Behavior Change