
Monitor Security Blacklist

When capturing event context, Zend Monitor will save the values of all PHP super-globals (POST, GET, SESSION etc.) in the event database, and will present these values in event reports. Sometimes, it is unwise to store and present some values - for example, passwords or credit card numbers and other private information.

Zend Monitor allows you to filter out some super-global values by black-listing their keys in the Zend Monitor Security Blacklist. Filtered values will not be stored in the events database and will not be included in event reports (details) - instead, the string "<BLOCKED_VALUE>" will be presented. An event is a collection of runtime-related information collected by the Monitor component. This information is collected when an event is triggered, according to the conditions defined by the Monitoring Rules.

Why Configure Security Settings?

The primary reason for securing information is to prevent the storage, handling and distribution of sensitive information such as user names, passwords and credit card numbers. This information is collected as part of the Zend Server diagnostic process. However, in most cases the context, and not the value, is important to understanding why the Event occurred. Therefore, sensitive information can be omitted from the Event Detail collection process.

An additional reason for using the Security Blacklist is to prevent inadvertently sending sensitive information by e-mail when using the Event Action option that automatically sends Event Details via email.

Black-listing sensitive information may be required in order to conform with some security standards such as PCI Certification.

 

This procedure describes how to manually define a blacklist of keys that should not be collected, stored or displayed in Event reports.

 

 


To manually define a security Blacklist:

  1. In Zend Server for IBMi, go to Configurations | Components.
  2. Select the Zend Monitor component in the Components list.
  3. In the Directives tab, locate the directive 'zend_monitor.security_black_list'.
  4. Add as a value any keys that should be blocked, using a comma to separate them.
  5. Click .
  6. In the toolbar, the restart icon lights up, indicating a restart is needed to apply changes. Click it to restart the server and apply the changes.
    For information on restarting in Zend Server, see Server Restart.

The value of each key that you added to the list will now be replaced by '<BLOCKED_VALUE>'.

 

Usage Example

For example, to blacklist HTTP passwords passed to PHP by the web server through the $_SERVER['PHP_AUTH_PW'] super-global variable, add it as follows:

zend_monitor.security_black_list=PHP_AUTH_PW

Any subsequent keys are added using a comma to separate them, as follows:

zend_monitor.security_black_list=PHP_AUTH_PW,cc_number,secret_token

Please note that if the same key exists in several super-globals (for example, if "cc_number" exists in both $_POST and $_SERVER) it will be removed from all of them. You can configure the list of super-global variables you want to secure using this feature by setting the value of the zend_monitor.super_globals_to_secure directive.
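
The behaviour described above, modelled as an added PHP example; it is not Zend Monitor's own code and not part of the original page. It applies the blacklist to a captured context and then lists keys that look sensitive but would still be stored, either because the key is not on the list or because its super-global is not secured. Assumptions: exact, case-sensitive matching on top-level keys, '_POST'-style names for the secured super-globals, hypothetical function names, and constructed request data.

```php
<?php
// Added example: models the behaviour this page describes; it is not Zend Monitor's code.
// Assumptions: exact, case-sensitive match on top-level keys; '_POST'-style names for
// the secured super-globals; the sample request data below is constructed.
const BLOCKED = '<BLOCKED_VALUE>';

// Split a comma-separated directive value into a clean list of keys.
function parse_list(string $value): array
{
    return array_values(array_filter(array_map('trim', explode(',', $value)), 'strlen'));
}

// Replace every blacklisted key in each secured super-global with the marker.
function redact(array $context, array $blacklist, array $secured): array
{
    foreach ($secured as $name) {
        foreach ($blacklist as $key) {
            if (isset($context[$name]) && array_key_exists($key, $context[$name])) {
                $context[$name][$key] = BLOCKED;
            }
        }
    }
    return $context;
}

// After redaction, list keys that look sensitive but still hold their real value.
function still_exposed(array $redacted, string $pattern): array
{
    $hits = [];
    foreach ($redacted as $name => $values) {
        foreach ($values as $key => $value) {
            if ($value !== BLOCKED && preg_match($pattern, (string) $key) === 1) {
                $hits[] = $name . '[' . $key . ']';
            }
        }
    }
    return $hits;
}

// Directive value taken from the page; everything else is constructed sample data.
$blacklist = parse_list('PHP_AUTH_PW,cc_number,secret_token');
$context = [
    '_POST'   => ['user' => 'alice', 'cc_number' => 'constructed-pan', 'card_cvv' => '000'],
    '_SERVER' => ['PHP_AUTH_PW' => 'constructed-pw', 'cc_number' => 'constructed-pan'],
    '_GET'    => ['secret_token' => 'constructed-token'],
];
$redacted = redact($context, $blacklist, ['_POST', '_SERVER']);
print_r($redacted);
print_r(still_exposed($redacted, '/pass|_pw|cvv|card|cc_|token|secret/i'));
```

In this sample, cc_number is blocked in both _POST and _SERVER, while _POST[card_cvv] (not on the list) and _GET[secret_token] (super-global not secured) are reported as still exposed.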

 
