Title of invention: Selective removal of protected content from web requests sent to an interactive website
Abstract: A method and apparatus for selectively removing a data element that triggers a policy violation from a web request to an interactive website. In one embodiment, a computer-implemented method identifies a policy for protecting source data, having a plurality of data elements. The method further evaluates a web request sent to an interactive website as part of a web-based application, and determines that the web request includes at least one of the plurality of data elements triggering a violation of the policy. The method determines the data boundaries of the web request, and selectively removes data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element.
Publication number: US8826443(B1) Publication date: 2014.09.02
Application number: US200912395554 Filing date: 2009.02.27
Applicant: Symantec Corporation Inventors: Raman Shree;Ferguson John Gerald;Wootton Bruce Christopher;Wyatt Timothy Micheal;Chen Hai
Classification: G06F21/10;G06F21/62;G06F21/60 Main classification: G06F21/10
Agency: Lowenstein Sandler LLP Agent: Lowenstein Sandler LLP
Independent claim: 1. A computer-implemented method, comprising: identifying a policy for protecting source data, having a plurality of data elements, using a data monitoring system (DMS) including a processor, the policy maintained by an organization to prevent loss of sensitive information; evaluating, at the DMS, a web request sent to an interactive website as part of a web-based application, wherein the interactive website hosts the web-based application, wherein the web request is encapsulated according to a data structure specified by the interactive website; determining by the DMS, that the web request includes at least one of the plurality of data elements triggering a violation of the policy; determining data boundaries of the web request upon receiving the web request at the DMS, wherein determining the data boundaries of the web request comprises determining a rule used to capture the specified data structure of the web request sent to the interactive website, and wherein the specified data structure specifies the data boundaries of the web request; selectively removing data content within the data boundaries containing the at least one data element that triggered the violation to allow the web request to be processed by the interactive website as if it were the original web request containing the at least one data element, wherein selectively removing the data content within the data boundaries comprises replacing the data content with replacement content based on a data type and length of the web request; reevaluating, at the DMS, the web request with the at least one data element selectively removed to determine whether the data elements that triggered the violation have been successfully removed from the web request, wherein the web request with the at least one data element selectively removed comprises a header indicating that the web request with the at least one data element selectively removed is a resubmission for content validation; upon determining that the data elements that triggered the violation have been successfully removed from the web request, sending the web request to the interactive website, wherein the header is removed from the web request; and upon determining that the data elements that triggered the violation have not been successfully removed from the web request, blocking the web request or allowing the web request to be sent to the interactive website unmodified.
Address: Mountain View CA US