New custom WAF rules custom HTML response: dynamic fields, 2048 char limit, and more


Now that firewall rules have become custom rules, we can finally specify a custom HTML block response per rule, which is fantastic.

However, a few things could be improved.

  1. There’s no way to quickly customize just the block reason because custom HTML replaces the whole block page. Ideally, there’d be a way to use an existing CF template and just customize the block reason.

  2. To work around that, I pulled HTML from CF’s existing block page and made a few tweaks, including specifying a custom reason. Upon submitting the HTML, I saw that the response limit is a measly 2048 bytes, which isn’t even enough to serve CF’s own block page. I had to cut it down severely. Ideally, the limit would be a bit higher - at least 4096 bytes.

  3. How do we use dynamic fields in responses? I tried using ::RAY_ID:: and ::CLIENT_IP:: per Configuring Custom Pages (Error and Challenge) · Cloudflare Support docs, but they just got output verbatim instead of their dynamic values.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.