Package: dlp.options.gloo.solo.io


Source File: github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/dlp/dlp.proto


Listener level config for dlp filter

"dlpRules": []dlp.options.gloo.solo.io.DlpRule
Field Type Description Default
dlpRules []dlp.options.gloo.solo.io.DlpRule The list of transformation, matcher pairs. The first rule which matches will be applied.


Rule which applies a given set of actions to a matching route. The route matching functions exactly the same as the envoy routes in the virtual host.

"matcher": .matchers.core.gloo.solo.io.Matcher
"actions": []dlp.options.gloo.solo.io.Action
Field Type Description Default
matcher .matchers.core.gloo.solo.io.Matcher Matcher by which to determine if the given transformation should be applied if omitted, will it match all (i.e., default to / prefix matcher).
actions []dlp.options.gloo.solo.io.Action List of data loss prevention actions to be applied. These actions will be applied in order, one at a time.


Route/Vhost level config for dlp filter

If a config is present on the route or vhost level it will completely overwrite the listener level config.

"actions": []dlp.options.gloo.solo.io.Action
Field Type Description Default
actions []dlp.options.gloo.solo.io.Action List of data loss prevention actions to be applied. These actions will be applied in order, one at a time.


A single action meant to mask sensitive data. The action type represents a set of pre configured actions, as well as the ability to create custom actions. These actions can also be shadowed, a shadowed action will be recorded in the statistics, and debug logs, but not actually committed in the response body.

To use a pre-made action simply set the action type to anything other than CUSTOM

actionType: VISA

To create a custom action set the custom action field. The default enum value is custom, so that can be left empty.

name: test
- "hello"
- "world"
maskChar: Y
percent: 60
"actionType": .dlp.options.gloo.solo.io.Action.ActionType
"customAction": .dlp.options.gloo.solo.io.CustomAction
"shadow": bool
Field Type Description Default
actionType .dlp.options.gloo.solo.io.Action.ActionType The action type to implement.
customAction .dlp.options.gloo.solo.io.CustomAction The custom user action to be applied. This field will only be used if the custom action type is specified above.
shadow bool Shadow represents whether the action should be taken, or just recorded.


The following pre-made action types map to the following regex matchers:

SSN: - ‘(?!\D)[0-9]{9}(?=\D|$)’ - ‘(?!\D)[0-9]{3}-[0-9]{2}-[0-9]{4}(?=\D|$)’ - ‘(?!\D)[0-9]{3}\ [0-9]{2}\ [0-9]{4}(?=\D|$)’

MASTERCARD: - ‘(?!\D)5[1-5][0-9]{2}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(?=\D|$)’

VISA: - ‘(?!\D)4[0-9]{3}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(?=\D|$)’

AMEX: - ‘(?!\D)(34|37)[0-9]{2}(\ |-|)[0-9]{6}(\ |-|)[0-9]{5}(?=\D|$)’

DISCOVER: - ‘(?!\D)6011(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(?=\D|$)’

JCB: - ‘(?!\D)3[0-9]{3}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(\ |-|)[0-9]{4}(?=\D|$)’ - ‘(?!\D)(2131|1800)[0-9]{11}(?=\D|$)’

DINERS_CLUB: - ‘(?!\D)30[0-5]0-9[0-9]{6}(\ |-|)[0-9]{4}(?=\D|$)’ - ‘(?!\D)(36|38)[0-9]{2}(\ |-|)[0-9]{6}(\ |-|)[0-9]{4}(?=\D|$)’

CREDIT_CARD_TRACKERS: - ‘[1-9][0-9]{2}-[0-9]{2}-[0-9]{4}\^\d’ - ‘(?!\D)\%?[Bb]\d{13,19}\1{2,26}\^[0-9][0-9][01][0-9][0-9]{3}’ - ‘(?!\D)\;\d{13,19}\=(\d{3}|)(\d{4}|\=)’

ALL_CREDIT_CARDS: - (All credit card related regexes from above)

Name Description


A user defined custom action to carry out on the response body.

The list of regex strings are applied in order. So for instance, if there is a response body with the content: hello world

And there is a custom action

name: test
- "hello"
- "world"
maskChar: Y
percent: 60

the result would be: YYYlo YYYld

If the mask_char, and percent were left to default, the result would be: XXXXo XXXXd

"name": string
"regex": []string
"maskChar": string
"percent": .envoy.type.Percent
Field Type Description Default
name string The name of the custom action. This name is used for logging and debugging purposes.
regex []string The list of regex strings which will be applied in order.
maskChar string The masking character for the sensitive data. default value: X.
percent .envoy.type.Percent The percent of the string which will be masked by the mask_char default value: 75% rounds ratio (percent/100) by std::round http://www.cplusplus.com/reference/cmath/round/.

  1. -\/.\w\s [return]