Add Data Loss Prevention (DLP) rules

This configuration uses HTTP response scanning. Adding traffic scanning to HTTP responses adds a performance impact.

CloudGuard WAF allow configuring custom rules based on regular expressions, detected in key locations in HTTP/S traffic. The custom rules can allow creating signatures to be excluded from detection, but also adding specific signatures that will always be dropped.

The ability to configure such signatures to be detected on HTTP/S Response body, provides means of configuring Data Loss Prevention (DLP) signatures that will be dropped.

Step 1: Prepare DLP signatures

If there is a specific data type that should not appear on responses (for example credit card numbers, emails, etc.) - create in advance a regular expression list for each data type.

Step 2: Browse to relevant Web assets and configure custom rules for each signature

A full explanation on setting up custom rules and custom rules can be found here.

The custom rule should:

Use the "Drop" action
Use the "Response Body" condition key.

The value for each custom rule condition should be a regular expression from the list that was prepared in step 1. It is recommended that the comment will explain precisely that this is a DLP signature.

Example:

Step 3: Enforce Policy

PreviousView Policy of all your Web Applications/APIs NextConfigure Contextual Machine Learning for Best Accuracy

Last updated 1 year ago

Was this helpful?

hashtagStep 1: Prepare DLP signatures

hashtagStep 2: Browse to relevant Web assets and configure custom rules for each signature

hashtagStep 3: Enforce Policy

Step 1: Prepare DLP signatures

Step 2: Browse to relevant Web assets and configure custom rules for each signature

Step 3: Enforce Policy