Data Loss Prevention - Detect Cloudflare API tokens with DLP
Source: cloudflare.com

The Credentials and Secrets DLP profile now includes three new predefined entries for detecting Cloudflare API credentials:

| Entry name | Token prefix | Detects |
| --- | --- | --- |
| Cloudflare User API Key | cfk_ | User-scoped API keys |
| Cloudflare User API Token | cfut_ | User-scoped API tokens |
| Cloudflare Account Owned API Token | cfat_ | Account-scoped API tokens |

These detections target the new Cloudflare API credential format, which uses a structured prefix and a CRC32 checksum suffix. The identifiable prefix makes it possible to detect leaked credentials with high confidence and low false positive rates — no surrounding context such as Authorization: Bearer headers is required.

Credentials generated before this format change will not be matched by these entries.

How to enable Cloudflare API token detections

1. In the Cloudflare dashboard, go to Zero Trust > DLP > DLP Profiles.
2. Select the Credentials and Secrets profile.
3. Turn on one or more of the new Cloudflare API token entries.
4. Use the profile in a Gateway HTTP policy to log or block traffic containing these credentials.

Example policy:

| Selector | Operator | Value | Action |
| --- | --- | --- | --- |
| DLP Profile | in | Credentials and Secrets | Block |

You can also enable individual entries to scope detection to specific credential types — for example, enabling Account Owned API Token detection without enabling User API Key detection.

For more information, refer to predefined DLP profiles.
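Why a structured prefix plus a checksum keeps false positives low, shown as an added example (not Cloudflare's code or its DLP implementation): a scanner matches the three prefixes from the table, then discards candidates whose checksum does not verify. The body alphabet, the minimum length and the checksum encoding (last 8 hex characters = CRC32 of everything before them) are assumptions for this example; the page does not specify the token layout.

```python
import re
import zlib

# Entry names and prefixes are taken from the table on this page.
ENTRIES = {
    "cfk_": "Cloudflare User API Key",
    "cfut_": "Cloudflare User API Token",
    "cfat_": "Cloudflare Account Owned API Token",
}

# ASSUMPTION: alphanumeric body, at least 28 characters including an
# 8-hex-digit CRC32 suffix. The real layout is not given on the page.
CANDIDATE = re.compile(r"(?<![A-Za-z0-9_])(cfk|cfut|cfat)_[A-Za-z0-9]{28,}")


def crc_hex(payload):
    """CRC32 of the payload as 8 lowercase hex digits (assumed encoding)."""
    return format(zlib.crc32(payload.encode()) & 0xFFFFFFFF, "08x")


def make_sample(prefix, body):
    """Build a constructed token under the assumed layout (demo data only)."""
    return prefix + body + crc_hex(prefix + body)


def scan(text):
    """Return (entry name, redacted token, line number) for checksum-valid hits."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in CANDIDATE.finditer(line):
            token = m.group(0)
            payload, suffix = token[:-8], token[-8:]
            if crc_hex(payload) != suffix:
                continue  # prefix lookalike: checksum fails, not reported
            # Report only the first characters so findings do not re-leak the secret.
            hits.append((ENTRIES[m.group(1) + "_"], token[:8] + "...", lineno))
    return hits


# Constructed sample input: two valid-by-construction tokens, one lookalike.
BODY = "A1b2C3d4E5f6G7h8I9j0K1l2"
SAMPLE = "\n".join([
    "deploy: export CF_TOKEN=" + make_sample("cfat_", BODY),
    "note: cfut_" + BODY + "deadbeef looks like a token but is not",
    '{"key": "' + make_sample("cfk_", BODY) + '"}',
    "unrelated text mentioning cfk_ prefixes",
])

if __name__ == "__main__":
    for name, redacted, lineno in scan(SAMPLE):
        print(f"line {lineno}: {name} ({redacted})")
```
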