Question: Is it possible for us to customize the HTTP status code of the “under attack” browser validation screen? Eg: Change it from 503, to say, 504, or 520.
I know this may seem completely random, but here’s some background as to why…
We operate a system in which we want to run “under attack mode” constantly to force browser validation and keep the CloudFlare on as aggressive of a security stance as possible (fintech). Our current “API Gateway” throws 503 errors whenever its unable to communicate with upstream services. We’d like to begin using service workers, and/or to allow our Ajax calls to detect when the browser needs revalidation. Currently, whenever our front-end detects a 503 we can’t tell if it’s from you, or from our API Gateway, so we currently just trigger a full page browser reload when this occurs. This has the negative side-effect of if one of our backend services are down, instead of handling this gracefully on our frontend we currently infinite loop page reload.
Our current solutions involve one of three things, from easiest to hardest.
1: Ask you if you can customize (for us) the HTTP response code, eg: change it to 504.
2: Dig into the ajax library we’re using to try to detect the 503 in our frontend to distinguish it from our 503s. We’ve tried this briefly and been unable to succeed, but may need more effort.
3: Modify the source code of our api gateway to throw a different response code, eg: 504