Add Data Loss Prevention (DLP) Rules

This configuration uses HTTP response scanning. Adding traffic scanning to HTTP responses adds a performance impact.

open-appsec allow configuring custom rules based on regular expressions, detected in key locations in HTTP/S traffic. The custom rules can allow creating signatures to be excluded from detection, but also adding specific signatures that will always be dropped.

The ability to configure such signatures to be detected on HTTP/S Response body, provides means of configuring Data Loss Prevention (DLP) signatures that will be dropped.

Step 1: Prepare DLP signatures

If there is a specific data type that should not appear on responses (for example credit card numbers, emails, etc.) - create in advance a regular expression list for each data type.

Step 2: Browse to relevant Web assets and configure custom rules for each signature

A full explanation on setting up custom rules and custom rules can be found here.

The custom rule should:

Use the "Drop" action
Use the "Response Body" condition key.

The value for each custom rule's condition should be a regular expression from the list that was prepared in step 1. It is recommended that the comment will explain precisely that this is a DLP signature.

Example:

Step 3: Enforce Policy

PreviousImport Snort rules NextSetup Rate Limit / DDoS Control

Last updated 9 months ago

Was this helpful?