Referrer Allow Rule Not Working

  • 21 October 2023
  • 0 replies

I have a Real Time Protection DLP rule that is blocking uploads to unauthorized cloud storage sites. This rule hit when a user uploaded an invoice to a platform we use, Divvy. Divvy's storage is backed by S3. As such, the event shows that there was an Upload action on S3, with the referrer being


As this platform is trusted and will be in frequent use, I want to whitelist these actions. As such, I:

  • created an HTTP Header policy, designating that I want to check the Referrer header, and set the value to
  • created an RTP policy above the existing DLP policy that is blocking (well, alerting the user on) the upload. The policy allows Upload to S3 if the referrer matches the one I created above.
    NOTE: The Allow policy, while above the Block policy, is in a different policy group. I don't think this matters, but figured it was worth stating.


Of course - you know where this is going. The action continues to be alerted on, despite the explicit allow. I have added screenshots to demonstrate the policies, placement, and alert. Any guidance is helpful, as it seems to me this should be working, so I am left thinking I have a fundamental misunderstanding of how the policies function.
