Regex Prompt Guard Policy

Policy Name

Regex Prompt Guard

Summary

Blocks LLM requests that match deny-list regex patterns

Category

LLM

First Flex Gateway version available

v1.11.4

Returned Status Codes

403 - Forbidden: Request blocked because prompt content matched one or more denied patterns

Summary

This policy only supports OpenAI format LLM endpoints.

The Regex Prompt Guard policy scans LLM prompts and blocks requests when prompt content matches Perl Compatible Regular Expressions (PCRE) deny-list patterns.

To learn more about PCRE, see PCRE - Perl Compatible Regular Expressions.

For example, you can use the policy to block attacks such as:

Prompt injection
Jailbreak attempts
SQL injection patterns
HTML script injection

Configuring Policy Parameters

Flex Gateway Local Mode

The Regex Prompt Guard policy isn’t supported in Local Mode.

Managed Flex Gateway and Flex Gateway Connected Mode

When you apply the policy from the UI, the following parameters are displayed:

Element Required Description

Element	Required	Description
Pattern Name	Yes	Human-readable pattern name. The policy includes this value in the blocked-response details.
Regex Pattern	Yes	PCRE-compatible regex expression used to match prompt content. Use `(?i)` for case-insensitive matching. To learn more about PCRE, see PCRE - Perl Compatible Regular Expressions.

Pattern Name

Yes

Human-readable pattern name. The policy includes this value in the blocked-response details.

Regex Pattern

Yes

PCRE-compatible regex expression used to match prompt content. Use (?i) for case-insensitive matching. To learn more about PCRE, see PCRE - Perl Compatible Regular Expressions.

Response on Block

When a request is blocked, the policy returns a response body containing the matched deny patterns:

{
  "error": "Request blocked - content matches denied pattern",
  "matched_patterns": [
    "prompt-injection"
  ]
}