Prompt Firewall & DLP Rules Guide
Machine-readable JSON rules plus human-readable spec for API gateway enforcement.
Deploy prompt firewall and DLP rules before production traffic.
Human-readable rules spec plus machine-readable JSON for API gateways and middleware. Block injection attempts and sensitive data in prompts before they reach your model.
How to Fill Out This DLP & Prompt Firewall Engine Rules
Prompt injection firewall rules template — Deploy at middleware before prompts reach the model — includes companion JSON for engineering import.
Recommended Owner: Security or Platform Engineering
Before you start
Getting Started
- Two files: Human-readable rules spec (
.txt) plus machine-readable.jsonfor gateway import — both ship in the free download. - Edit safely: Use VS Code or similar; validate JSON before deploying to middleware.
- Customize patterns: Tune regex and block rules for your data classes (PII, secrets, injection markers).
- Pair with AI-006: Scope rules to systems in your AI register and risk tiers (AI-005).
Toolkit links
Related templates in your kit
Keep these companion documents consistent (same owners, dates, and vendor names):
- AI-003
- AI-006
- AI-002
Quality check
Before You Finalize
- Every [bracket] placeholder is replaced or marked N/A with a short reason.
- Roles and tool names match COR-005 org chart and SOC-004 system description.
- Review and Approval section is signed with name, title, and date.
Evidence
Where to Store It
- Store the completed file in your compliance evidence folder (signed PDF for policies).
- Register the document in COR-013 Document Control Log with version and review date.
- Link to the record in your SOC-005 project plan or evidence index when ready.