
Solved: How do I block Aadhaar and PAN number using DLP

This article describes how to block Aadhaar and PAN numbers using regular expressions.

Aadhaar is a 12-digit number whose first digit is neither 0 nor 1.

It is written with a white space after every 4 digits and contains no letters.

The following regular expression can be used to identify Aadhaar:

^[2-9]{1}[0-9]{3}\\s[0-9]{4}\\s[0-9]{4}$

(^ marks the start of the string, $ the end of the string.)

PAN is 10 characters long; the first 5 characters and the tenth character are upper-case letters.

The sixth to ninth characters are digits between 0 and 9.

The following regular expression can be used for PAN:

[A-Z]{5}[0-9]{4}[A-Z]{1}

The configuration would be as follows:

# config dlp sensor
    edit "PanAadhaarTest"
        set feature-set proxy
        config filter
            edit 1
                set name "PanPattern"
                set proto smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs
                set filter-by regexp
                set regexp "[A-Z]{5}[0-9]{4}[A-Z]{1}"
                set action block
            next
            edit 2
                set name "AadhaarPattern"
                set proto smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs
                set filter-by regexp
                set regexp "^[2-9]{1}[0-9]{3}\\s[0-9]{4}\\s[0-9]{4}$"
                set action block
            next
        end
        set extended-log enable
    next
end

Logs can be viewed on the CLI using the following commands:

# execute log filter category
# execute log filter category 9
# execute log display

A sample log on the firewall looks as follows:

date=2022-07-14 time=06:33:35 eventtime=1657773215509591580 tz="+0200" logid="0954024576" type="utm" subtype="dlp" eventtype="dlp" level="warning" vd="root" filteridx=1 filtername="PanPattern" dlpextra="[A-Z]{5}[0-9]{4}[A-Z]{1}" filtertype="regexp" filtercat="file" severity="medium" policyid=510 poluuid="cecaa58e-fa03-51ec-bcea-8657ec4be58c" policytype="policy" sessionid=41039178 epoch=245069 eventid=0 srcip=172.31.x.x srcport=50048 srccountry="Reserved" srcintf="port2" srcintfrole="lan" srcuuid="29c7feb8-aa9b-51ec-5f54-f5baa989484f" dstip=88.99.68.112 dstport=443 dstcountry="Germany" dstintf="port1" dstintfrole="undefined" dstuuid="29c7feb8-aa9b-51ec-5f54-f5baa989484f" proto=6 service="HTTPS" filetype="unknown" direction="outgoing" action="block" hostname="convertioxx.me" url="edited out" agent="Chrome/102.0.0.0" filename="pantest.pdf" filesize=11 profile="PanAadhaarTest"

Note: Inspection mode in policy has to be set to proxy.
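
Added example, not part of the original article: a Python check of how the two patterns behave on constructed sample payloads before the block action is enabled. It assumes the doubled backslash in the article is CLI escaping for `\s` and that the DLP engine handles these constructs the way Python's `re` does; the `BOUNDED` variants are hypothetical alternatives shown only for comparison.

```python
import re

# Patterns from the article, written as plain regexes (assumption: the doubled
# backslash in the article is CLI escaping for \s).
ARTICLE = {
    "PanPattern": re.compile(r"[A-Z]{5}[0-9]{4}[A-Z]{1}"),
    "AadhaarPattern": re.compile(r"^[2-9]{1}[0-9]{3}\s[0-9]{4}\s[0-9]{4}$"),
}

# Hypothetical variants, not from the article: word boundaries replace the
# ^...$ anchors so a number embedded in longer text is still found, and keep
# the PAN pattern from firing inside a longer alphanumeric token.
BOUNDED = {
    "PanPattern": re.compile(r"\b[A-Z]{5}[0-9]{4}[A-Z]\b"),
    "AadhaarPattern": re.compile(r"\b[2-9][0-9]{3}\s[0-9]{4}\s[0-9]{4}\b"),
}

def hits(text, patterns):
    """Return the sorted names of the filters whose pattern matches text."""
    return sorted(name for name, rx in patterns.items() if rx.search(text))

# Constructed sample payloads (not real identifiers).
SAMPLES = [
    "2345 6789 0123",                    # bare Aadhaar-shaped string
    "Aadhaar: 2345 6789 0123 attached",  # same number inside a sentence
    "1345 6789 0123",                    # first digit 1: not Aadhaar-shaped
    "234567890123",                      # 12 digits without spaces
    "PAN ABCDE1234F",                    # PAN-shaped token
    "ref=XXABCDE1234FZZ",                # PAN shape inside a longer token
    "abcde1234f",                        # lower case
]

def report():
    """Map each sample to (article filter hits, bounded-variant hits)."""
    return {s: (hits(s, ARTICLE), hits(s, BOUNDED)) for s in SAMPLES}

if __name__ == "__main__":
    for sample, (article, bounded) in report().items():
        print(f"{sample!r:40} article={article} bounded={bounded}")
```

Rows where the two columns differ show the effect of the anchors: the anchored Aadhaar pattern matches only when the number is the entire string, and the unanchored PAN pattern also matches inside longer upper-case tokens.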
