Q&A: Can you customize the WAF Violation Block Page, HTTP Response Code, and/or the HTTP Response Headers?




  • Silverline WAF
  • WAF Policy
    • Support ID
    • WAF Violation
    • WAF Block page and HTTP Response Headers



Yes, you can customize a WAF policy's Violation Block Page.

  • The WAF Violation Block page is customizable:
    • Allows the flexibility to configure a custom HTTP response page with corporate branding, helpdesk contact information, or other user-friendly information
    • Supports HTML code
    • Allows for customized HTTP Response code for Block page
  • The default Response Header for a Block Page includes:
    • HTTP/1.1 200 OK
      Cache-Control: no-cache
      Pragma: no-cache
      Connection: close
  • The default HTML:
    • <html><head><title>Request Rejected</title></head><body>The requested URL was 
      rejected. Please consult with your administrator.<br><br>Your support ID is:

Requirements for Custom WAF Violation Block Page HTML

  • Only one custom WAF Violation Block Page per WAF policy
  • Must include the support ID by using the field <%TS.request.ID()%>. This ensures that blocked requests can be identified
  • Any external assets required for the page (e.g. CSS, images) must be either
    • (a) contained entirely in the HTML (e.g. as a base64 object), or
    • (b) externally hosted and made available through an href to the external source
  • File size must be less than 51200 bytes
  • Specify the HTTP response code to be returned with the Block page
    • The default is 200 OK 
    • Only one response code may be configured per WAF policy
  • Specify any HTTP response header requirements as well
    • Default
      • HTTP/1.1 200 OK
        Cache-Control: no-cache
        Pragma: no-cache
        Connection: close
  • The option to redirect to another page is allowed/supported as well
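
A pre-submission check for the requirements listed above, as an added example (not Silverline's own code). The regex-based asset scan and both sample pages are constructed for illustration, and flagging relative asset paths as meeting neither option (a) nor (b) is an assumption.

```python
import re

MAX_BYTES = 51200                          # page: file size must be less than 51200 bytes
SUPPORT_ID_TOKEN = "<%TS.request.ID()%>"   # page: required support ID field

# src/href values on tags that load assets (constructed heuristic, not a full HTML parser)
ASSET_ATTR = re.compile(
    r'<(?:img|link|script)\b[^>]*?\b(?:src|href)\s*=\s*["\']([^"\']+)["\']', re.I)

def check_block_page(html):
    """Return a list of requirement violations; an empty list means the page passes."""
    problems = []
    size = len(html.encode("utf-8"))
    if size >= MAX_BYTES:
        problems.append(f"size {size} bytes is not less than {MAX_BYTES}")
    if SUPPORT_ID_TOKEN not in html:
        problems.append(f"missing support ID field {SUPPORT_ID_TOKEN}")
    for ref in ASSET_ATTR.findall(html):
        # (a) inline data: URI, or (b) absolute URL to an external host.
        # Assumption: a relative path satisfies neither option.
        if not re.match(r'(?:data:|https?://|//)', ref, re.I):
            problems.append(f"asset '{ref}' is neither inline nor externally hosted")
    return problems

# Constructed sample pages.
GOOD = ('<html><head><title>Blocked</title>'
        '<link rel="stylesheet" href="https://static.example.com/block.css"></head>'
        '<body><img src="data:image/png;base64,iVBORw0KGgo=" alt="logo">'
        '<p>Request rejected. Support ID: <%TS.request.ID()%></p></body></html>')
BAD = '<html><body><img src="/images/logo.png">Request rejected.</body></html>'

if __name__ == "__main__":
    for name, page in (("good", GOOD), ("bad", BAD)):
        print(name, check_block_page(page) or "OK")
```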
