Web Application Firewall:Custom responses

Background information

If you do not configure a custom response, a default block page is returned to the client when a request is blocked. You can customize the response content, including the Status Code, Response Headers, and Response.

Create a custom response

1. Log on to the Web Application Firewall (WAF) 3.0 console, and in the top menu bar, select the resource group and region (Chinese Mainland or Outside Chinese Mainland) for the WAF instance.

2. In the navigation pane on the left, choose Protection Configuration > AI Application Protection. On the Custom Response page, click Create.

3. In the Create panel, configure the following parameters and click OK.

   Parameter	Description
   Name	Set a name for the custom response.
   Status Code	Set the HTTP status code that is returned to the client when a request is blocked. Value range: an integer from 200 to 600. The default block response code for WAF is 405. Important Do not use 204 or 304 as the response code. Otherwise, WAF uses the default 405 block response, and the custom response does not take effect.
   Custom Header	Set the header fields to include in the response that is returned to the client when a request is blocked. Each header field contains a Header Name and a Header Value. You can add up to 10 header fields.
   Response Body	Set the source code for the block response page. The configuration requirements are as follows: HTML and JSON formats are supported. The code can contain up to 4,000 characters. Important To retain the request ID on the response page to query blocked requests in Simple Log Service, reference the {::trace_id::} string in the appropriate location. You can add a content-type header field in Custom Headers to specify the format of the response body.

In the custom response list, you can perform the following operations.

• View the Rule ID, Rule Name, and Status Code.

• Edit or Delete a custom response.