DLP profiles
A DLP profile is a collection of regular expressions (also known as detection entries) that define the data patterns you want to detect. Cloudflare DLP provides predefined profiles for common detections, or you can build custom DLP profiles specific to your data, organization, and risk tolerance.
- In Zero Trust ↗, go to DLP > DLP Profiles.
- Choose a predefined profile and select Configure.
- Enable one or more Detection entries according to your preferences. The DLP Profile matches using the OR logical operator — if multiple entries are enabled, your data needs to match only one of the entries.
- Select Save profile.
You can now use this profile in a DLP policy or CASB integration.
-
In Zero Trust ↗, go to DLP > DLP Profiles.
-
Select Create profile.
-
Enter a name and optional description for the profile.
-
Add custom or existing detection entries.
Add a custom entry
-
Select Add custom entry and give it a name.
-
In Value, enter a regular expression (or regex) that defines the text pattern you want to detect. For example,
test\d\d
will detect the wordtest
followed by two digits.- Regular expressions are written in Rust. We recommend validating your regex with Rustexp ↗.
- DLP detects UTF-8 characters, which can be up to 4 bytes each. Custom text pattern detections are limited to 1024 bytes in length.
- DLP does not support regular expressions with
+
or*
operators because they are prone to exceeding the length limit. For example, the regex patterna+
can detect an infinite number ofa
characters. We recommend usinga{min,max}
instead, such asa{1,1024}
.
-
To save the detection entry, select Done.
Add existing entries
Existing entries include predefined detection entries and DLP datasets.
- Select Add existing entries.
- Choose which entries you want to add, then select Confirm.
- To save the detection entry, select Done.
-
-
(Optional) Configure Advanced settings for the profile.
-
Select Save profile.
You can now use this profile in a DLP policy or CASB integration.