FIREWALL RULES to return 404 error instead of 403 error

Currently, Firewall rules block traffic by returning HTTP status 403 (forbidden).

I want to return HTTP status code 404 or 400 whenever the firewall blocks any traffic. How to achieve this in Cloudflare ? Is this possible currently ? I am using the free plan. Is it possible in the paid/pro plans ? Using workers ?

My use case is very simple and probably very common -

  1. My website has pages with patterns /trends*, /news*, /sitemap*, /ads*, /robots* only
  2. All other page patterns are to be blocked (non existing pages on my website)
  1. I have setup a firewall rule to block all patterns except the above. This will completely eliminate unnecessary traffic to my origin server. But I want the CF firewal to return 404 or 400 http status code. It currently returns 403 which is not correct for my usecase and can create SEO problems etc

Can this feature be added to Cloudflare Firewall Rules ? i.e. new options for Blocking i.e. Block(403), Block(404), Block(400).

Kindly review and advise.

The firewall will always return a 403 when a request is blocked and that’s the correct status code.

If you want to return a custom code, you would either have to implement this yourself (Worker or server-side) or - alternatively - you could use a URL rewriting rule instead of a firewall rule and rewrite requests to a path which returns such a code.

I would not advise any of that, however, as 403 is the correct status code. If you really want to go that route, the best approach would be to simply handle that server-side.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.