The custom response module allows you to configure the custom block page that Web Application Firewall (WAF) returns to the client when WAF blocks a request from the client. You can configure the status code, the response headers, and the response body of the block page. By default, the custom response module is disabled. This topic describes how to enable and configure the custom response module.

Prerequisites

Default protection template

By default, the custom response module is disabled, and no default protection templates are provided. When WAF blocks a request, WAF returns the following default block page to the client.

Default block page

The custom response module allows you to configure the block page, including the status code (Status Code), response headers (Response Headers), and response body (Response).

Before you can enable the custom response module, you must create a custom response template and configure protection rules. For more information, see Create a custom response template.

Create a custom response template

If you configure the custom response module for the first time, you must create a custom response template.

To create a custom response template, perform the following steps:

  1. Log on to the WAF 3.0 console.
  2. In the top navigation bar, select the resource group and region to which the WAF instance belongs. You can select the Chinese Mainland or Outside Chinese Mainland region.
  3. In the left-side navigation pane, choose Protection Configuration > Protection Rules.
  4. In the Custom Response section, click Create Template.
  5. In the Create Template - Custom Response panel, configure the following parameters.
    Custom Response
    | Parameter | Description |
    | --- | --- |
    | Template Name | Enter a name for the template. The name can contain letters, digits, and underscores (_). |
    | Save as Default Template | Specify whether to set this template as the default template for the protection module. You can set only one default template for a protection module. If you turn on Save as Default Template, you do not need to configure Apply To. A default template takes effect on both the protected objects and protected object groups to which no templates are applied. The protected objects include new protected objects and protected objects that are removed from specific templates. The protected object groups include new protected object groups and protected object groups that are removed from specific templates. |
    | Rule Configuration | Configure a custom response rule. The custom response template provides only one set of protection rules. For more information about how to configure a custom response rule, see Rule configuration description. |
    | Apply To | Select the protected objects and protected object groups to which the template is applied. You can apply a protected object or protected object group to only one template of the protection module. For more information about how to add protected objects and protected object groups, see Manage protected objects and Manage protected object groups. |

  6. Click OK.
    After the custom response template is created, you can view the custom response template and the numbers of protected objects and protected object groups to which the custom response template is applied in the Custom Response section.
    By default, the newly created custom response template is enabled. You can turn on or turn off the switch in the Status column to enable or disable the custom response template. You can also modify or delete the custom response template. You can click the Show icon next to the name of the custom response template to view the rules that are included in the template.
    Notice: If WAF blocks requests that are sent to the protected objects specified by the Apply To parameter, WAF returns the custom block page to the client, instead of the default block page. If you want WAF to return the default block page to the client, disable the relevant rules or delete the relevant custom response template.
    Custom Response Template

Rule configuration description

When you create or modify a custom response template, you can configure a custom response rule. The following table describes the parameters of the custom response rule.

| Parameter | Description |
| --- | --- |
| Status Code | The HTTP status code that WAF returns to the client when WAF blocks a request. Valid values: 200 to 600. Default value: 405. |
| Custom Header | The header in the response that WAF returns to the client when WAF blocks a request. Each header consists of Header Name and Header Value. You can add up to five headers. |
| Response Body | The source code of the block page. The following formats of the response body are supported: HTML and JSON. You can configure Custom Header to add the content-type header to specify the format of the response body. The code can contain up to 4,000 characters in length. |

Notice: To retain the request ID in the block page, reference the {::trace_id::} string. You can use the request ID to query blocked requests in logs.
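
The following pre-flight check is an added example, not part of the original documentation and not a WAF API. It lints a draft custom response rule against the limits in the table above before you paste it into the console; the dict layout and the function name `lint_custom_response` are assumptions made for this example.

```python
import json
import re

TRACE_PLACEHOLDER = "{::trace_id::}"     # request-ID placeholder from the notice above
NAME_RE = re.compile(r"[A-Za-z0-9_]+")   # template name: letters, digits, underscores

def lint_custom_response(template):
    """Return a list of problems; an empty list means the draft fits the documented limits.
    `template` is a hypothetical dict: name, status_code, headers [(name, value)], body."""
    problems = []
    if not NAME_RE.fullmatch(template["name"]):
        problems.append("name: only letters, digits and underscores are allowed")
    if not 200 <= template["status_code"] <= 600:
        problems.append("status_code: must be between 200 and 600")
    headers = template["headers"]
    if len(headers) > 5:
        problems.append("headers: at most five custom headers")
    body = template["body"]
    if len(body) > 4000:
        problems.append("body: longer than 4,000 characters")
    if TRACE_PLACEHOLDER not in body:
        problems.append("body: no {::trace_id::}, the request ID will not be shown")
    # The body format (HTML or JSON) is declared through a content-type custom header.
    ctype = next((v.lower() for n, v in headers if n.lower() == "content-type"), None)
    if ctype is None:
        problems.append("headers: no content-type header to declare HTML or JSON")
    elif "json" in ctype:
        try:
            # Substitute a dummy value so the placeholder does not affect parsing.
            json.loads(body.replace(TRACE_PLACEHOLDER, "0"))
        except ValueError:
            problems.append("body: content-type says JSON but the body does not parse")
    elif "html" not in ctype:
        problems.append("headers: content-type is neither HTML nor JSON")
    return problems

# Constructed sample drafts (not taken from the console).
GOOD = {"name": "api_block_page", "status_code": 403,
        "headers": [("content-type", "application/json")],
        "body": '{"error": "blocked", "request_id": "{::trace_id::}"}'}
BAD = {"name": "api-block-page", "status_code": 700,
       "headers": [("content-type", "application/json")],
       "body": "<html><body>Blocked</body></html>"}

if __name__ == "__main__":
    for draft in (GOOD, BAD):
        print(draft["name"], lint_custom_response(draft) or "ok")
```

The `BAD` draft shows the mismatch that is easiest to miss in the console: an HTML body served with a JSON content-type, which API clients will fail to parse.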