Updated on 2025-08-12 GMT+08:00

Adding a Masking Rule

Scenario

The system enables you to configure masking rules based on application, URL, client IP address, account, and account group, allowing for precise authentication and masking protection for access behavior. These rules can be set up in the data masking module.

For instance, if you want to configure a masking rule for the demo application to ensure that sensitive data, such as bank card numbers, is masked when the demo application is accessed, you can do so within this module.

This section describes how to add a masking rule.

The masking rule is effective only to proxy access to the application or service. The masking effect on the log retrieval page and the sensitive data page is built into the system and remains unchanged regardless of the masking rule creation.

Prerequisites

Procedure

  1. Log in to the web console of the API data security protection system as user sysadmin.
  2. In the navigation pane, choose Security Policies > Data Masking.
  3. Click the Rules tab.
  4. Click Add to configure a masking rule. For details about related parameters, see Parameters for adding a masking rule.

    Figure 1 Adding a masking rule
    Table 1 Parameters for adding a masking rule

    Parameter

    Description

    Rule name

    Enter the name of the custom masking rule.

    Service name

    Select the application or service to which the rule applies.

    Priority

    When a request matches multiple masking rules, the rule with the highest priority takes effect.

    Data type

    Select the data type for masking.

    Algorithms

    Configure the masking algorithm to identify and mask sensitive data according to the masking template, data label, and data field.

    Rule conditions

    Configure the rule conditions, including the URL, client IP address, account, and account group.

    Enable interactive visibility

    After the interactive visibility function is enabled, the eye icon is displayed in the masked data. You can click the eye icon to view the original data.

    Enable segment

    Once this function is enabled, word segmentation is applied to paragraphs.

    Status

    Enable or disable a masking rule.
    • Enabled: The masking rule takes effect immediately after being added.
    • Disabled: The rule does not takes effect after being configured. You need to manually enable it.

  5. Click OK.

Operation Result

After the masking rule is added, you can view the new masking rule in the rule list. When the application assets are accessed through the configured proxy, data is masked based on the masking rule. For details, see Viewing the Masking Result.

Related Operations

You can also perform the following operations on the Rules page:

  • Editing a masking rule: Click Edit on the right of the target rule to modify the rule information.
  • Deleting a masking rule: Click Delete on the right of the target rule to delete the masking rule.
  • Delete masking rules in batches: Select multiple rules and click Delete in the upper right corner.