A regular expression rule is the most flexible gateway rule detection method in MCP Manager: you supply one or more patterns, and the rule matches them against the text of a tool message. Select Regular expression as the Detection method in the rule editor on a gateway’s Rules tab.
How regex matching works
MCP Manager compiles each pattern as a JavaScript regular expression and evaluates it with the case-insensitive (i) and global (g) flags. Matching therefore ignores letter case and finds every occurrence in the message, not just the first. Enter patterns in JavaScript syntax (the same syntax the RegExp constructor accepts); surrounding slashes are optional.
A regex rule scans the text of the tool message on whichever detection hook you chose — the tool’s arguments on the request leg, or the tool’s result on the response leg. Because regex runs in-process and synchronously, it never “fails,” so a regex rule has no failure mode.
Multiple patterns
A single rule can hold more than one pattern. Use Add matching pattern in the rule editor to add another. Patterns are evaluated as an OR: if any pattern matches, the rule’s action fires. Each pattern is compiled and tested independently.
Pattern validation and the Regex101 helper
If a pattern has invalid syntax, the rule editor shows an inline error with a “Click here to test and fix your pattern on Regex101” link, pre-filled with your pattern so you can debug it on regex101.com and paste the corrected version back.
Actions
Regular-expression rules support all five rule actions. The action applies to the text each pattern matched:

| Action | What it does to the matched text |
|---|---|
| Block | Blocks the whole message. A blocked request never reaches the server; a blocked response never reaches the client. |
| Redact | Removes the match entirely, leaving nothing in its place. |
| Replace | Substitutes the match with the constant <SENSITIVE>. |
| Mask | Replaces each character of the match with an asterisk, preserving the original length. |
| Hash | Replaces the match with a truncated SHA-256 hash, <HASH:…> (16 hex characters), so you can correlate repeated values without exposing them. |
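The matching semantics and the five actions above, sketched as an added JavaScript example (not MCP Manager's own code). The slash stripping, the hash taken as the first 16 hex characters of SHA-256 over the match, the function names, and the sample patterns and message are assumptions constructed for illustration.

```javascript
// Added illustration, not MCP Manager source code.
const { createHash } = require("node:crypto");

// Assumption: a "/.../" wrapper is stripped before compiling; flags are always g + i.
function compile(pattern) {
  const wrapped = pattern.length > 1 && pattern.startsWith("/") && pattern.endsWith("/");
  return new RegExp(wrapped ? pattern.slice(1, -1) : pattern, "gi");
}

// Assumption: the hash is the first 16 hex characters of SHA-256 over the UTF-8 match.
const transforms = {
  redact: () => "",
  replace: () => "<SENSITIVE>",
  mask: (m) => "*".repeat(m.length),
  hash: (m) => `<HASH:${createHash("sha256").update(m, "utf8").digest("hex").slice(0, 16)}>`,
};

// Returns { matched, blocked, text }. Patterns are ORed; each is compiled and run on its own.
function applyRule(patterns, action, text) {
  const regexes = patterns.map(compile);
  if (action === "block") {
    const matched = regexes.some((re) => re.test(text));
    return { matched, blocked: matched, text: matched ? null : text };
  }
  const transform = transforms[action];
  if (!transform) throw new Error(`unknown action: ${action}`);
  let matched = false;
  let out = text;
  // In this sketch, later patterns see the output of earlier ones.
  for (const re of regexes) {
    out = out.replace(re, (m) => {
      if (m.length === 0) return m; // an empty match changes nothing
      matched = true;
      return transform(m);
    });
  }
  return { matched, blocked: false, text: out };
}

// Constructed sample patterns and tool result (not taken from the page).
const patterns = ["/\\b\\d{3}-\\d{2}-\\d{4}\\b/", "secret-[a-z0-9]+"];
const sample = "ssn 123-45-6789, token SECRET-ab12, ssn 123-45-6789";
for (const action of ["block", "redact", "replace", "mask", "hash"]) {
  console.log(action.padEnd(8), JSON.stringify(applyRule(patterns, action, sample).text));
}
```

Because of the `i` flag, the lowercase `secret-` pattern also catches `SECRET-ab12`, and because of the `g` flag both occurrences of the repeated value are transformed, which is why the Hash output shows the same token twice.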
Examples
Block prompt-injection attempts
Detection method: Regular expression · Action: Block · Alerts: on
If a tool response carries text like “ignore your previous instructions,” the response is blocked before the model sees it. Enable alerts so you’re notified on every attempt.
Patterns
Redact or replace US Social Security numbers
Mask credit-card numbers
Detection method: Regular expression · Action: Mask
Catches most card formats and replaces the digits with asterisks, preserving length. For checksum-validated detection with fewer false positives, use a Presidio rule with the CREDIT_CARD entity instead.
Pattern
Redact API keys and tokens
Detection method: Regular expression · Action: Replace
Targets generic key/secret assignments plus Stripe secret keys, GitHub personal access tokens, and AWS access key IDs.
Patterns
Further reading
Microsoft Presidio
Context-aware detection for unstructured PII like names and addresses.
Gateway Rules Overview
Detection methods, hooks, failure modes, actions, and rule ordering.
Custom Rule Engines
Delegate nuanced policy to AWS Bedrock, Lakera Guard, or your own webhook.