search cancel

DLP ICAP Response Rules for WSS Cloud Proxy are not working

book

Article ID: 201836

calendar_today

Updated On:

Products

Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service Data Loss Prevention Enforce Data Loss Prevention Cloud Package

Issue/Introduction

You have set up the DLP Cloud Detection Service and connected it to your WSS Cloud Proxy. The traffic is passing through the WSS Agent to Cloud Proxy, and incidents are created in DLP as expected if the policy matches.

However, even if the incident shows as "Blocked" on the Enforce Console, the file is still getting uploaded. 

Cause

There are 2 response rules being entered in the policy configuration - one to Block HTTP Content and a second one to Remove HTTP content.

There is a known issue with the "Remove HTTP/HTTPS Content" response rule, and having that rule present will also break the separately configured action to "Block HTTP/HTTPS" content.

Environment

Release : Enforce 15.x

Component :

Resolution

Do not implement the "Remove HTTP/HTTPS Content" response rule.

You can instead use "Block HTTP/HTTPS" rule.

 

Additional Information

The defect # for tracking this issue is DLP-27031. Please contact support if necessary to confirm the resolution of this issue.

Attachments