WAF Block action HTTP Response Code

Perhaps this is more of a request than a question, but would be great to allow 500’s HTTP response codes for Block actions in WAF.

Currently only the 400 codes are allowed but think 500’s could be appropriate in some cases as well.

Pro plan.

Hi there,

I can’t see how a 5xx would apply to a firewall block status, but you can probably have a “block” page at your origin, and instead of a waf rule that blocks it, you can create a redirect or page rule with the same expression that you would create a WAF, but instead of a block, you redirect it to your custom tailored page.
… or have a worker delivering a 5xx in certain scenarios.
It’s a workaround, but I honestly don’t believe there is a point on changing the status code.

But feel free to fill a feature request:

Take care.

to elaborate, my intent was to prop up an explanation page with code 503 while our server is offline for maintenance.

If 503 were allowed, this would be the quickest and fastest way to implement it, stick it up as the first WAF rule and be done.

I could use 404, but 503 is more appropriate for this case.

500 errors may not exactly be in the spirit of block actions, but this one may loosely be.

Thanks

Hi there,

A server offline will not show as a 40x it will show as a 5xx.
…and you can customize 500 class errors in your dashboard under Custom Pages, as long as your plan is Pro or higher.

Take care.

Nice tip on Custom Pages.

According to CF docs:

500, 501, 503, and 505 responses will not trigger custom error pages.

We don’t physically take the origin servers offline during maintenance. We just don’t want people reaching it.

Would have been a whole lot easier to do all this with a simple WAF block, custom HTML and a 503 code, but as things are Workers may be the only practical way of handling this.

Thanks

Hi there,

It allows you to customize specifically 502, 504, and 52x errors only.

This will trigger a 502 on Cloudflare side, which is customizable.

Take care.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.