Add Data Loss Prevention (DLP) rules
This configuration uses HTTP response scanning. Adding traffic scanning to HTTP responses adds a performance impact.
CloudGuard AppSec allow configuring custom rules based on regular expressions, detected in key locations in HTTP/S traffic. The custom rules can allow creating signatures to be excluded from detection, but also adding specific signatures that will always be dropped.
The ability to configure such signatures to be detected on HTTP/S Response body, provides means of configuring Data Loss Prevention (DLP) signatures that will be dropped.
If there is a specific data type that should not appear on responses (for example credit card numbers, emails, etc.) - create in advance a regular expression list for each data type.
The custom rule should:
- Use the "Drop" action
- Use the "Response Body" condition key.
The value for each custom rule condition should be a regular expression from the list that was prepared in step 1. It is recommended that the comment will explain precisely that this is a DLP signature.