
Solved: How do I block Aadhaar and PAN number using DLP

This article describes how to block Aadhaar and PAN numbers using regular expressions.

Aadhaar is a 12-digit number whose first digit is neither 0 nor 1.

It has a white space after every 4 digits and contains no letters.

The regular expression below can be used to identify Aadhaar:

^[2-9]{1}[0-9]{3}\\s[0-9]{4}\\s[0-9]{4}$

(^ marks the start of the string, $ the end of the string.)

PAN is 10 characters long, with the first 5 characters and the tenth character being upper-case letters.

The sixth to ninth characters are digits between 0 and 9.

The regular expression below can be used for PAN:

[A-Z]{5}[0-9]{4}[A-Z]{1}

The configuration is as below:

# config dlp sensor
    edit "PanAadhaarTest"
        set feature-set proxy
        config filter
            edit 1
                set name "PanPattern"
                set proto smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs
                set filter-by regexp
                set regexp "[A-Z]{5}[0-9]{4}[A-Z]{1}"
                set action block
            next
            edit 2
                set name "AadhaarPattern"
                set proto smtp pop3 imap http-get http-post ftp nntp mapi ssh cifs
                set filter-by regexp
                set regexp "^[2-9]{1}[0-9]{3}\\s[0-9]{4}\\s[0-9]{4}$"
                set action block
            next
        end
        set extended-log enable
    next
end
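
An added example (not part of the original article or of FortiOS): a Python check of the two sensor patterns against constructed, labelled strings, showing what they miss and what they over-match before the block action is relied on. Assumptions: Python's re module stands in for the FortiGate regex engine, "\\s" in the config is the CLI-escaped form of \s, and the expected labels reflect what an operator would want caught.

```python
import re

# Filter name -> pattern, taken from the article's sensor. The "\\s" in the
# FortiOS config is assumed to be the CLI-escaped form of \s.
FILTERS = {
    "PanPattern": re.compile(r"[A-Z]{5}[0-9]{4}[A-Z]{1}"),
    "AadhaarPattern": re.compile(r"^[2-9]{1}[0-9]{3}\s[0-9]{4}\s[0-9]{4}$"),
}

# Constructed samples: (text, filters an operator would expect to fire).
# The expectations are assumptions made for this example.
SAMPLES = [
    ("ABCDE1234F", {"PanPattern"}),
    ("2345 6789 0123", {"AadhaarPattern"}),
    ("1234 5678 9012", set()),                        # first digit 1: not Aadhaar
    ("abcde1234f", set()),                            # lower case: not PAN
    ("Aadhaar: 2345 6789 0123", {"AadhaarPattern"}),  # number inside a sentence
    ("234567890123", {"AadhaarPattern"}),             # same digits, no spaces
    ("REF-ORDERXYZAB1234CD", set()),                  # long token, not a PAN
]


def matched_filters(text):
    """Return the set of filter names whose pattern is found in text."""
    return {name for name, rx in FILTERS.items() if rx.search(text)}


def evaluate(samples):
    """Compare actual matches with expectations; list misses and false alarms."""
    report = {"missed": [], "false_alarm": []}
    for text, expected in samples:
        got = matched_filters(text)
        for name in sorted(expected - got):
            report["missed"].append((name, text))
        for name in sorted(got - expected):
            report["false_alarm"].append((name, text))
    return report


if __name__ == "__main__":
    for kind, rows in evaluate(SAMPLES).items():
        for name, text in rows:
            print(f"{kind:12} {name:15} {text!r}")
```

In this check the ^ and $ anchors limit the Aadhaar pattern to content that consists of the number alone, while the unanchored PAN pattern also fires inside any longer upper-case token of the same shape.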

Logs can be viewed on the CLI using the commands below:

# execute log filter category
# execute log filter category 9
# execute log display

A sample log on the firewall looks as below:

date=2022-07-14 time=06:33:35 eventtime=1657773215509591580 tz="+0200" logid="0954024576" type="utm" subtype="dlp" eventtype="dlp" level="warning" vd="root" filteridx=1 filtername="PanPattern" dlpextra="[A-Z]{5}[0-9]{4}[A-Z]{1}" filtertype="regexp" filtercat="file" severity="medium" policyid=510 poluuid="cecaa58e-fa03-51ec-bcea-8657ec4be58c" policytype="policy" sessionid=41039178 epoch=245069 eventid=0 srcip=172.31.x.x srcport=50048 srccountry="Reserved" srcintf="port2" srcintfrole="lan" srcuuid="29c7feb8-aa9b-51ec-5f54-f5baa989484f" dstip=88.99.68.112 dstport=443 dstcountry="Germany" dstintf="port1" dstintfrole="undefined" dstuuid="29c7feb8-aa9b-51ec-5f54-f5baa989484f" proto=6 service="HTTPS" filetype="unknown" direction="outgoing" action="block" hostname="convertioxx.me" url="edited out" agent="Chrome/102.0.0.0" filename="pantest.pdf" filesize=11 profile="PanAadhaarTest"

Note: The inspection mode in the policy has to be set to proxy.
