Configure custom response rules to configure custom block pages - Web Application Firewall

After you add your web services to Web Application Firewall (WAF), you can configure custom response rules to configure custom block pages that you want to return to clients whose requests are blocked. You can specify a custom status code, response header, and response body. By default, the custom response module is disabled. This topic describes how to configure a custom response rule.

Background information

If you do not configure custom response rules, a default block page is returned to clients whose requests are blocked.

默认拦截响应页面

You can configure custom response rules to configure custom block pages that are returned to clients when requests are blocked. You can specify a custom status code (Status Code), response header (Response Headers), and response body (Response).

Prerequisites

A subscription WAF 3.0 instance of the Enterprise or Ultimate edition or a pay-as-you-go WAF 3.0 instance is purchased. For more information, see Purchase a subscription WAF 3.0 instance and Purchase a pay-as-you-go WAF 3.0 instance.
Web services are added to WAF 3.0 as protected objects. For more information, see Protected objects and protected object groups.

Configure a custom response rule

WAF does not provide a default custom response rule template. Before you can enable a custom response rule, you must create a custom response rule template.

Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. The region can be Chinese Mainland or Outside Chinese Mainland.
In the left-side navigation pane, choose Protection Configuration > Protection Rules.
In the Custom Response section of the Protection Rules page, click Create Template.
Note
If no custom response rule templates exist, click Configure Now in the Custom Response card in the upper part of the Protection Rules page.

In the Create Template - Custom Response panel, configure the parameters and click OK. The following table describes the parameters.

Parameter	Description
Template Name	Specify a name for the template. The name of the template must be 1 to 255 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).
Save as Default Template	Specify whether to set this template as the default template of the protection module. You can set only one default template for a protection module. If you turn on Save as Default Template, you do not need to configure the Apply To parameter. The default template is applied to all protected objects and protected object groups to which no protection templates are applied.
Rule Configuration	Configure a custom response rule. You can configure only one set of custom response rules for a custom response rule template. Status Code The HTTP status code that is returned by WAF to the client when WAF blocks a request. Valid values: 200 to 600. Default value: 405. Custom Header The header field in the response that is returned by WAF to the client when WAF blocks a request. Each header field consists of Header Name and Header Value. You can add up to five header fields. Response Body The source code of the block page. The following requirements must be met: The response body is in the HTML or JSON format. You can configure the Custom Header parameter to add the `content-type` header field to specify the format of the response body. The code can contain up to 4,000 characters. Important To retain the request ID on the block page, reference the `{::trace_id::}` string. You can use the request ID to query blocked requests in logs.
Apply To	Select the protected objects and protected object groups to which you want to apply the template. You can apply only one template of a protection module to a protected object or a protected object group. For information about how to associate protected objects and protected object groups with the template, see Protected objects and protected object groups.

By default, a new rule template is enabled. You can perform the following operations in the rule template list:

View the number of protected objects and protected object groups that are associated with the template.
Turn on or turn off the switch in the Status column to enable or disable the template.
Click Edit or Delete in the Actions column to modify or delete the template.
Click the icon to the left of a template name to view the rules in the template.

Important

After the custom response template takes effect, the content of the default block page for the protected objects is replaced with the content that you specified in the Rule Configuration section. If you want WAF to return the default block page to the client, disable the configured rules or delete the custom response template.

References

Protection configuration overview: This topic provides information about protected objects, protection modules, and protection process.
CreateDefenseTemplate: You can call the CreateDefenseTemplate operation to create a protection template.
CreateDefenseRule: You can call the CreateDefenseRule operation to create a protection rule. When you call this operation to create a custom response rule, you must set the DefenseScene parameter to custom_response.