The steps below are the correct procedure for blocking words such as ‘pepitá’ using regular expressions in FortiGate DLP.
Scope
FortiGate.
Solution
In this example, the word ‘pepitá’ will be blocked.
Step 1: Create a new ‘Dictionary’ in Security Profile > Data Leak Prevention > Dictionaries and select ‘Create New’.
Step 2: Create a new ‘Sensor’ in Security Profile > Data Leak Prevention > Sensor and select ‘Create New’.
Step 3: Create a DLP Profile using the ‘Sensor’ profile created in step 2 with action ‘Block’, Type ‘Message’, and protocol ‘HTTP-POST’.
Important note: Use the DLP profile and policy in ‘Proxy’ mode and also enable ‘deep-inspection’ in the firewall policy.
Workaround for equipment on the ‘100F’ line and v7.2.8:
The steps above are correct for blocking the example word ‘pepitá’, but they do not work for equipment on the ‘100F’ line and v7.2.8. On that equipment, change the Pattern in the Dictionary from ‘/pepitá/i’ to only ‘pepitá’.
There are several websites for word tests on DLP systems:
Example: https://dlptest.com/http-post/
This is an example of how FortiGate should behave and what message is displayed: