Back to docs

Core Concepts

Interceptor Rules

BLAZLE evaluates each request against two layers of rules: built-in static rules and your organization's custom regex rules.

Built-in Rules

These are compiled into the Rust engine and run on every request:

AWS Access Key

\b(?:AKIA|ASCA|A3T|ASIA)[A-Z0-9]{16}\b
Catastrophic

PEM Private Key

-----BEGIN [A-Z\s]+ PRIVATE KEY-----
Catastrophic

GitHub Personal Access Token

\bgh[opru]_([a-zA-Z0-9]{36,255})\b
Major

Slack Webhook URL

https://hooks\.slack\.com/services/...
Major

Database Connection String

[a-zA-Z]+://user:pass@host/db
Major

Generic API Key/Credential

(?i)api_key\s*=\s*"[a-zA-Z0-9]{16,}"
Moderate

PII (Email)

\b[a-zA-Z0-9._%+-]+@[domain]+\b
Minor

PII (Credit Card)

\b(?:\d[ -]*?){13,16}\b
Major

Custom Rules

Create organization-specific rules via the dashboard or API:

POST /api/v1/admin/rules
{
  "name": "Internal Service Token",
  "pattern": "svc_[a-zA-Z0-9]{32}",
  "action": "block"   // "block" | "log" | "redact"
}