Jump to: navigation, search

Masking sensitive data in SIP messages

Starting with version 8.1.102.51, SIP Server can mask sensitive data in SIP messages. When enabled, SIP Server replaces:

  • All private SIP header values with a single asterisk
  • SIP message body content with the phrase CONTENT FILTERED

SIP Server does not replace the content of type application/sdp, and it replaces application/vnd.radisys.msml+xml in the SIP message body only when it contains user data.

Starting with version 8.1.103.88, SIP Server can unmask specific SIP headers contained in SIP Server logs. This feature is enabled by the x-sip-unmask-headers and x-sip-unmask-headers-default configuration options.

Feature Configuration

To enable masking sensitive data in SIP messages, set the x-sip-mask-sensitive-data configuration option to true in the [log] section of the SIP Server Application.

Configuration Options

x-sip-mask-sensitive-data

Setting: [log] section, Application level
Default Value: false
Valid Values: true, false
Changes Take Effect: Immediately

Specifies whether SIP Server masks sensitive data in SIP messages contained in SIP Server logs.

  • If set to true, SIP Server masks all private SIP header values and SIP message body content of all types, except for application/sdp and application/vnd.radisys.msml+xml. If the message contains application/vnd.radisys.msml+xml, SIP Server masks it only when it contains user data.
  • If set to false, SIP Server does not mask sensitive data in SIP messages contained in SIP Server logs.

x-sip-unmask-headers

Setting: [log] section, Application level
Default Value: No default value
Valid Values: A list of comma-separated SIP headers
Changes Take Effect: Immediately

Specifies a list of private SIP headers that SIP Server does not mask in SIP messages contained in SIP Server logs. These headers are unmasked in addition to the headers specified in the x-sip-unmask-headers-default option. If the value of this option is not configured or empty, headers specified in the x-sip-unmask-headers-default are unmasked. Example: X-Genesys-UUID,X-ISCC-Id.

x-sip-unmask-headers-default

Setting: [log] section, Application level
Default Value: X-Genesys-strict-location,X-Genesys-peer-proxy-contact,X-Genesys-CallUUID,X-Genesys-PartyInfo,X-Genesys-GVP-Session-ID,X-Genesys-CallInfo,X-Genesys-Route,X-Genesys-geo-location,X-Genesys-bypass-resource-list,X-ISCC-Id,X-ISCC-CofId,X-Detect,Event,presence,Answer-Mode
Valid Values: A list of comma-separated SIP headers
Changes Take Effect: Immediately

Specifies a list of private SIP headers that SIP Server does not mask in SIP messages contained in SIP Server logs, by default. To unmask other SIP headers that are not included in the default value of this option, use the x-sip-unmask-headers option. If the value of this option is empty, the private SIP headers remain masked/unmasked based on the value of x-sip-unmask-headers and x-sip-mask-sensitive-data.

This page was last edited on May 13, 2020, at 16:44.

Feedback

Comment on this article:

blog comments powered by Disqus