Defining Custom Detection Rules
Security for Confluence lets you create custom scanning rules using regular expressions.
Only Confluence Administrators can access these settings.
To create a rule, first visit the Settings page, and then expand the “Custom rules” section.
![](../../__attachments/14585298956/Screen%20Shot%202023-01-31%20at%201.24.46%20PM.png?inst-v=1b0af743-2cdd-4a08-ad47-6dd768c8f61d)
Security for Confluence imposes hard limits on how much memory a rule can use and how long a rule can take to scan a page fragment. Scanning rules that exceed these limits are automatically disabled, and the scan is marked as failed.
If a secret in a single page fragment matches more than one rule (built-in or custom), only the first match will be reported.
Developing custom rules
Our application uses the JDK's built-in Java regex library (Java 8). The supported regex constructs are documented here.
The tool we recommend for testing out new custom rules is https://regex101.com.
Make sure to select “Java 8” as the “Flavor”:
![](../../__attachments/14585298956/image-20231027-194053.png?inst-v=1b0af743-2cdd-4a08-ad47-6dd768c8f61d)
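A local harness can complement regex101 by checking a rule against sample fragments under a time budget before you save it. This is an added example, not code from Security for Confluence: the class name `RuleCheck`, the 200 ms budget, the use of `find()` on a whole fragment, and the sample inputs are all assumptions; the first rule is the Bitcoin address rule from this page's examples.

```java
import java.util.concurrent.*;
import java.util.regex.Pattern;

public class RuleCheck {
    static final long BUDGET_MS = 200; // hypothetical budget, not the product's limit

    // java.util.regex reads its input through charAt(), so checking the
    // interrupt flag here lets a runaway (backtracking) match be aborted.
    static final class Interruptible implements CharSequence {
        private final CharSequence s;
        Interruptible(CharSequence s) { this.s = s; }
        public char charAt(int i) {
            if (Thread.currentThread().isInterrupted())
                throw new IllegalStateException("match aborted");
            return s.charAt(i);
        }
        public int length() { return s.length(); }
        public CharSequence subSequence(int a, int b) {
            return new Interruptible(s.subSequence(a, b));
        }
        @Override public String toString() { return s.toString(); }
    }

    // Returns MATCH, NO MATCH or TIMEOUT for one rule on one fragment.
    static String check(String regex, String fragment) throws Exception {
        Pattern p = Pattern.compile(regex); // PatternSyntaxException if the rule is invalid
        Callable<Boolean> task = () -> p.matcher(new Interruptible(fragment)).find();
        ExecutorService pool = Executors.newSingleThreadExecutor();
        Future<Boolean> result = pool.submit(task);
        try {
            return result.get(BUDGET_MS, TimeUnit.MILLISECONDS) ? "MATCH" : "NO MATCH";
        } catch (TimeoutException e) {
            result.cancel(true); // interrupts the worker; charAt() then throws
            return "TIMEOUT";
        } finally {
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        String btc = "^[13][a-km-zA-HJ-NP-Z0-9]{26,33}$"; // rule from this page
        // Constructed sample in the right shape; not a real address.
        String addr = "1" + new String(new char[30]).replace('\0', 'A');
        System.out.println(check(btc, addr));             // fragment is only the address
        System.out.println(check(btc, "Pay to " + addr)); // ^...$ with surrounding text
        String slow = "(a+)+$";                           // constructed backtracking-heavy rule
        System.out.println(check(slow, new String(new char[40]).replace('\0', 'a') + "b"));
    }
}
```

The second call shows the effect of the `^` and `$` anchors when the fragment contains text around the value; the third shows the kind of rule that a time limit would disable.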
Example custom rules
Bitcoin Address
^[13][a-km-zA-HJ-NP-Z0-9]{26,33}$
YouTube Links
<a\s+(?:[^>]*)href=\"((?:https|http):\/\/\w{0,3}\.youtube\.\w{2,3}\/watch\?v=[\w-]{11})">(?:.*?)<\/a>