This article describes how to block Aadhaar and PAN numbers using regular expressions.
Aadhaar is a 12-digit number whose first digit is neither 0 nor 1.
It contains white space after every 4 digits and contains no letters.
The regular expression below can be used to identify Aadhaar:
^[2-9]{1}[0-9]{3}\\s[0-9]{4}\\s[0-9]{4}$
(^ marks the start of the string, $ marks the end of the string.)
PAN is 10 characters long; the first 5 characters and the tenth character are upper-case letters.
The sixth to ninth characters are digits between 0 and 9.
The regular expression below can be used for PAN:
[A-Z]{5}[0-9]{4}[A-Z]{1}
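Before deploying the sensor, the two patterns can be checked against sample text to see what they will and will not flag. The script below is an added example, not part of the original article or of FortiOS; it assumes Python `re` semantics approximate the DLP engine, that matching is done line by line, and that the doubled `\\s` above is CLI escaping for a single `\s`. All sample values are constructed.

```python
import re

# Patterns from the article, keyed by the filter names used in the sensor.
# Assumption: "\\s" on the page is the CLI-escaped form of "\s".
PATTERNS = {
    "AadhaarPattern": re.compile(r"^[2-9]{1}[0-9]{3}\s[0-9]{4}\s[0-9]{4}$"),
    "PanPattern": re.compile(r"[A-Z]{5}[0-9]{4}[A-Z]{1}"),
}

# Constructed test document (not real identifiers).
SAMPLE_TEXT = "\n".join([
    "Employee record",            # 1: nothing sensitive
    "2345 6789 0123",             # 2: line is exactly an Aadhaar layout
    "Aadhaar: 2345 6789 0123",    # 3: ^...$ needs the number to be the whole line
    "PAN ABCDE1234F on file",     # 4: unanchored PAN pattern matches inside text
    "ref XABCDE1234FX",           # 5: also matches inside a longer token (false positive)
    "1345 6789 0123",             # 6: first digit 1 is excluded by [2-9]
])


def scan(text):
    """Return (line_number, filter_name) for every pattern hit, line by line."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, name))
    return hits


if __name__ == "__main__":
    lines = SAMPLE_TEXT.splitlines()
    for lineno, name in scan(SAMPLE_TEXT):
        print(f"line {lineno}: {name} matched {lines[lineno - 1]!r}")
```

Lines 3 and 5 show the effect of anchoring: the Aadhaar pattern only fires when the number stands alone, while the PAN pattern fires on any substring, so test both against representative files before setting the action to block.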
The configuration is as below:
# config dlp sensor
    edit "PanAadhaarTest"
        set feature-set proxy
        config filter
            edit 1
                set name "PanPattern"
                set proto smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs
                set filter-by regexp
                set regexp "[A-Z]{5}[0-9]{4}[A-Z]{1}"
                set action block
            next
            edit 2
                set name "AadhaarPattern"
                set proto smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs
                set filter-by regexp
                set regexp "^[2-9]{1}[0-9]{3}\\s[0-9]{4}\\s[0-9]{4}$"
                set action block
            next
        end
        set extended-log enable
    next
end
Logs can be viewed on the CLI using the commands below:
# execute log filter category
# execute log filter category 9
# execute log display
A sample log on the firewall looks as below:
date=2022-07-14 time=06:33:35 eventtime=1657773215509591580 tz="+0200" logid="0954024576" type="utm" subtype="dlp" eventtype="dlp" level="warning" vd="root" filteridx=1 filtername="PanPattern" dlpextra="[A-Z]{5}[0-9]{4}[A-Z]{1}" filtertype="regexp" filtercat="file" severity="medium" policyid=510 poluuid="cecaa58e-fa03-51ec-bcea-8657ec4be58c" policytype="policy" sessionid=41039178 epoch=245069 eventid=0 srcip=172.31.x.x srcport=50048 srccountry="Reserved" srcintf="port2" srcintfrole="lan" srcuuid="29c7feb8-aa9b-51ec-5f54-f5baa989484f" dstip=88.99.68.112 dstport=443 dstcountry="Germany" dstintf="port1" dstintfrole="undefined" dstuuid="29c7feb8-aa9b-51ec-5f54-f5baa989484f" proto=6 service="HTTPS" filetype="unknown" direction="outgoing" action="block" hostname="convertioxx.me" url="edited out" agent="Chrome/102.0.0.0" filename="pantest.pdf" filesize=11 profile="PanAadhaarTest"
Note: The inspection mode in the policy has to be set to proxy.