Skip to content

DlpProfile

Source: src/Cloudflare/Dlp/Profile.ts

A Cloudflare Zero Trust DLP custom profile — a named collection of detection entries (regular expressions) that Gateway HTTP policies and CASB integrations reference to detect sensitive data in transit.

Requires the Cloudflare DLP entitlement (a paid Zero Trust add-on); accounts without it receive the typed Forbidden error on all writes.

Creating a DLP profile

Section titled “Creating a DLP profile”

Profile with a custom regex entry

const profile = yield* Cloudflare.DlpProfile("EmployeeIds", {
  description: "Detects internal employee identifiers",
  allowedMatchCount: 0,
  entries: [
    {
      name: "employee-id",
      enabled: true,
      pattern: { regex: "EMP-[0-9]{6}" },
    },
  ],
});

Credit-card-like entry with Luhn validation

const cards = yield* Cloudflare.DlpProfile("Cards", {
  entries: [
    {
      name: "card-number",
      enabled: true,
      pattern: { regex: "[0-9]{13,16}", validation: "luhn" },
    },
  ],
});