Scan HTTP traffic with DLP
You can scan HTTP traffic for sensitive data through Secure Web Gateway policies. To perform DLP filtering, first configure a DLP profile with the data patterns you want to detect, and then build a Gateway HTTP policy to allow or block the sensitive data from leaving your organization. Gateway will parse and scan your HTTP traffic for strings matching the keywords or regular expressions (regexes) specified in the DLP profile.
Prerequisites
Enable Gateway HTTP filtering.
1. Configure a DLP profile
Refer to Configure a DLP profile. We recommend getting started with a predefined profile.
2. Create a DLP policy
DLP Profiles may be used alongside other Zero Trust rules in a Gateway HTTP policy. To start logging or blocking traffic, create a policy for DLP:
In Zero Trust, go to Gateway > Firewall Policies > HTTP.
Select Create a policy.
Build an HTTP policy using the DLP Profile selector. For example, the following policy prevents users from uploading sensitive data to any location other than an approved corporate application:
Policy name Only allow SSN uploads to Workday Selector Operator Value DLP Profiles in U.S. Social Security Numbers
Application not in Workday
Action Block Select Create policy.
DLP scanning is now enabled.
3. Test DLP policy
You can test your DLP policy on any device connected to your Zero Trust organization. To perform a basic test:
- Go to dlptest.com.
- Enter a text message or upload a file containing the sensitive data.
- Select Submit to send the request.
The request will be allowed or blocked according to your DLP policies. If the data matches a DLP policy, you will see the request in your DLP logs.
Different sites will send requests in different ways. For example, some sites will split a file upload into multiple requests. Therefore, even if the policy works on dlptest.com
, it is not guaranteed to work the same way on another site or application.
4. View DLP logs
- In the Zero Trust dashboard, go to Logs > Gateway > HTTP.
- Select Filter.
- Choose an item under one of the following filters:
- DLP Profiles shows the requests which matched a specific DLP profile.
- Policy shows the requests which matched a specific DLP policy.
You can expand an individual row to view details about the request. To see the data that triggered the DLP policy, configure payload logging.
Report false positives
- Select the log you want to report.
- Select Report DLP false positive under DLP details.
- The information to be sent to Cloudflare will appear. To confirm your report, select Send report.
Cloudflare will not respond directly to your report, but reporting false positives helps us improve our products. If you require technical assistance, reach out to support.