Configure a DLP profile
A DLP profile is a collection of regular expressions (also known as detection entries) that define the data patterns you want to detect. Cloudflare DLP provides predefined profiles for common detections, or you can build custom DLP profiles specific to your data, organization, and risk tolerance.
Configure a predefined profile
- In Zero Trust, go to DLP > DLP Profiles.
- Choose a predefined profile and select Configure.
- Enable one or more Detection entries according to your preferences. The DLP Profile matches using the OR logical operator — if multiple entries are enabled, your data needs to match only one of the entries.
- Select Save profile.
You can now use this profile in a DLP policy or CASB integration.
Build a custom profile
-
In Zero Trust, go to DLP > DLP Profiles.
-
Select Create profile.
-
Enter a name and optional description for the profile.
-
Add custom or existing detection entries.
Add a custom entry
-
Select Add custom entry and give it a name.
-
In Value, enter a regular expression (or regex) that defines the text pattern you want to detect. For example,
test\d\d
will detect the wordtest
followed by 2 digits.- Regexes are written in Rust. We recommend validating your regex with Rustexp.
- Detected text patterns are limited to 1024 bytes in length.
- Regexes with
+
are not supported as they are prone to exceeding the length limit. For examplea+
can detect an infinite number of a’s. We recommend usinga{min,max}
instead, such asa{1,1024}
.
-
To save the detection entry, select Done.
Add existing entries
Existing entries include predefined detection entries and Exact Data Match datasets.
- Select Add existing entries.
- Choose which entries to want to add, then select Confirm.
- To save the detection entry, select Done.
-
-
(Optional) Configure Advanced settings for the profile.
-
Select Save profile.
You can now use this profile in a DLP policy or CASB integration.