
Web Application Firewall: Configure protection rules for the custom response module to configure custom block pages

Last Updated: Dec 24, 2024

After you add your web services to Web Application Firewall (WAF), you can configure protection rules for the custom response module to define the custom block pages that WAF returns to clients when their requests are blocked. You can specify a custom status code, response header, and response body. By default, the custom response module is disabled. This topic describes how to configure protection rules for the custom response module.

Background information

If you do not configure protection rules for the custom response module, a default block page is returned to clients when requests are blocked.

[Figure: default block response page]

You can specify a custom status code, response header, and response body.

Prerequisites

Create a protection template of the custom response module

The custom response module does not provide default protection templates. Before you can enable a protection rule of the custom response module, you must create a protection template of the module. After the template is created, a protection rule is automatically generated.

  1. Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and region of the WAF instance. You can select Chinese Mainland or Outside Chinese Mainland.

  2. In the left-side navigation pane, choose Protection Configuration > Core Web Protection.

  3. In the Custom Response section of the Core Web Protection page, click Create Template.

    Note

    If this is your first time creating a protection template of the custom response module, you can also click Configure Now in the Custom Response card in the upper part of the Core Web Protection page.

  4. In the Create Template - Custom Response panel, configure the parameters and click OK. The following table describes the parameters.

    Parameter

    Description

    Template Name

    Specify a name for the template.

    The name of the template must be 1 to 255 characters in length and can contain letters, digits, periods (.), underscores (_), and hyphens (-).

    Save as Default Template

    Specify whether to set the template as the default template for the protection module.

    You can specify only one default template for a protection module. If you turn on Save as Default Template, you do not need to configure the Apply To parameter. The default template is applied to all protected objects and protected object groups to which no custom templates are applied.

    Rule Configuration

    Configure rule settings. A protection template of the custom response module contains only one protection rule.

    • Status Code

      Specify the HTTP status code that is returned by WAF to the client when WAF blocks a request. Valid values: 200 to 600. Default value: 405.

    • Custom Header

      Specify the header field in the response that is returned by WAF to the client when WAF blocks a request. Each header field consists of Header Name and Header Value. You can add up to five header fields.

    • Response Body

      Specify the source code of the block page. Make sure that the following requirements are met:

      • The response body is in the HTML or JSON format.

      • The response body can contain up to 4,000 characters.

      Important
      • If you want to retain request IDs on the block page, reference the {::trace_id::} string. You can use the request IDs to query blocked requests in logs.

      • You can configure the Custom Header parameter to add the content-type header field to specify the format of the response body.

    Apply To

    Select items to which you want to apply the template on the Protected Objects and Protected Object Group tabs.

    You can apply only one template of a protection module to a protected object or protected object group. For more information about how to add protected objects and create protected object groups, see Configure protected objects and protected object groups.

    By default, a newly created protection template is enabled. You can perform the following operations on the template in the template list:

    • View the numbers of protected objects and protected object groups that are associated with the template in the Protected Object/Group column.

    • Turn on or turn off the switch in the Status column to enable or disable the template.

    • Click Edit or Delete in the Actions column to modify or delete the template.

    • Click Edit in the Actions column to modify the template.

    • Click the expand icon to the left of the template name to view the protection rules in the template.

    • Click the expand icon to the left of the template name to view the engine information of the template.

Important

After the protection template takes effect, the default block page for the protected objects to which the protection template is applied is replaced by the custom block page that you specify in the Rule Configuration section. If you want WAF to return the default block page to clients, disable or delete the protection template.
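The Rule Configuration limits listed above can be checked before a block page is pasted into the console. The following is an added example, not code from WAF or from this documentation: the function name `lint_custom_response`, the finding messages, the inclusive reading of "200 to 600", and the sample rules are all assumptions made for illustration.

```python
import json

TRACE_ID = "{::trace_id::}"  # request-ID placeholder named on this page
MAX_BODY_CHARS = 4000        # "up to 4,000 characters"
MAX_HEADERS = 5              # "up to five header fields"

def lint_custom_response(status_code, headers, body):
    """Check one Rule Configuration against the limits listed above.

    headers: list of (name, value) pairs; body: block page source.
    Returns a list of findings; an empty list means nothing to fix.
    """
    findings = []
    # Bounds treated as inclusive (assumption; the page says "200 to 600").
    if not 200 <= status_code <= 600:
        findings.append("error: status code outside 200 to 600")
    if len(headers) > MAX_HEADERS:
        findings.append("error: more than five custom header fields")
    if len(body) > MAX_BODY_CHARS:
        findings.append("error: response body exceeds 4,000 characters")
    if TRACE_ID not in body:
        findings.append("warn: body does not reference {::trace_id::}")

    # A body that parses as JSON is treated as JSON, anything else as HTML.
    try:
        json.loads(body)
        is_json = True
    except ValueError:
        is_json = False
    ctype = next((v.lower() for n, v in headers if n.lower() == "content-type"), None)
    if ctype is None:
        findings.append("warn: no content-type header declares the body format")
    elif "json" in ctype and not is_json:
        findings.append("error: content-type is JSON but the body does not parse as JSON")
    elif is_json and "json" not in ctype:
        findings.append("warn: JSON body served with a non-JSON content-type")
    return findings

# Constructed sample rules (not taken from a real WAF instance).
GOOD = lint_custom_response(
    403,
    [("content-type", "application/json")],
    '{"message": "Request blocked", "request_id": "{::trace_id::}"}',
)
BAD = lint_custom_response(
    700,
    [("content-type", "application/json")],
    "<html><body>Blocked</body></html>",
)

if __name__ == "__main__":
    print(GOOD)
    print("\n".join(BAD))
```

Findings prefixed with `warn:` cover the optional recommendations in the Important note (the request ID placeholder and the content-type header); `error:` findings are violations of the stated limits.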

References

  • For more information about the protection objects, protection modules, and protection process of WAF 3.0, see Protection configuration overview.

  • For more information about how to create a protection template by calling an API operation, see CreateDefenseTemplate.

  • For more information about how to create a protection rule by calling an API operation, see CreateDefenseRule.