search cancel

DLP ICAP Response Rules for WSS Cloud Proxy are not working


Article ID: 201836


Updated On:


Data Loss Prevention Cloud Detection Service for ICAP Data Loss Prevention Cloud Detection Service Data Loss Prevention Enforce Data Loss Prevention Cloud Package


You have set up the DLP Cloud Detection Service and connected it to your WSS Cloud Proxy. The traffic is passing through the WSS Agent to Cloud Proxy, and incidents are created in DLP as expected if the policy matches.

However, even if the incident shows as "Blocked" on the Enforce Console, the file is still getting uploaded. 


Release : Enforce 15.x

Component :


There are 2 response rules being entered in the policy configuration - one to Block HTTP Content and a second one to Remove HTTP content.

There is a known issue with the "Remove HTTP/HTTPS Content" response rule, and having that rule present will also break the separately configured action to "Block HTTP/HTTPS" content.


Do not implement the "Remove HTTP/HTTPS Content" response rule.

You can instead use "Block HTTP/HTTPS" rule.


Additional Information

The defect # for tracking this issue is DLP-27031. Please contact support if necessary to confirm the resolution of this issue.