Crafting Lua code

When crafting Lua code, it is recommended to create Lua code in a code or text editor such as Notepad++ to make it easier to format, read, and edit.

Now taking the above example for Twitter, you can craft our code.
[[LUA_AF_REQUEST_SCOPE]]
if ((BG.method == "POST")
    and BG.domain:find("^twitter%.com$")
    and BG.uri:find("^/i/api/1%.1/statuses/update%.json")) then
BGResult.match = 1
BGResult.log = "Twitter Post"
end

Steps

  1. Start with the context designation - [[LUA_AF_REQUEST_SCOPE]] - which is an allow/fail action if a match is found.
  2. Write if/then command. Match that method=POST, domain=twitter.com, and uri=/i/api/1%.1/statuses/update%.json. Finish by stating that if those are all found, then make a match and create text to appear in the logs.
  3. With the code created, navigate to the Forcepoint ONE SSE portal
  4. Navigate to Protect > Objects > DLP Objects.
  5. Click the green plus icon and select Advanced to create the data pattern.




  6. Give it a name and then paste your code in Expression field under Match Criteria tab.




  7. Now with the pattern created, you can configure the policy. The policy can either be added to the individual app, for example if you have added Twitter as a custom managed app and are controlling it directly you would edit it there, or you can add it to the SWG Content Policy where you might be controlling.

    You can configure contextual access controls for who this policy will be applied to. Once your policy is configured, under the Upload DLP table, add your pattern and select Deny. Enable a notification (for example an inline notification) to alert the user when they violate the policy.



    And that's it, you have now officially configured a policy to block twitter posts by your end users.

    There are many options and capabilities you can perform with FPSL. You can even combine Data Patterns to create more advanced policy actions such allowing access to Twitter with corporate accounts (and blocking personal logins) and then also applying inline DLP on the posts from those corporate accounts.