
How do I configure AWS WAF to send a custom response when a specific rule blocks web requests?


I want to configure AWS WAF to send a custom response when a specific rule blocks web requests.

Resolution

By default, AWS WAF returns an HTTP 403 Forbidden error when it blocks a request. You can configure a custom response to send a non-default status code, a customized error message, a custom error page, or a redirect to a different URL.

For custom-created rules, you can configure custom responses directly on the rule.

For AWS Managed Rule groups, first set the specific rule within the managed rule group to Count. Then, create a custom response message and a custom rule to send the custom message. 

Note: You must place the new custom rule below the managed rule group because AWS WAF evaluates rules in priority order. 

Create a custom response

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, under AWS WAF, choose Protection packs (web ACLs).
  3. Choose your protection pack.
  4. Choose Manage details.
  5. Under Protection pack (web ACL) behavior, choose Manage.
  6. Choose Create custom response body.
    For Response body object name, enter a name.
    For Content type, choose Plain text.
    Note: The response body can be JSON, HTML, or plain text.
    For Response body, enter your response message.
  7. Choose Save.

Note: Amazon CloudFront and Amazon API Gateway also support custom responses. However, AWS WAF custom responses for Block actions take priority over any response specifications that are defined in your protected resource.

Create a custom rule to send the custom response

Complete the following steps:

  1. Open the AWS WAF console.
  2. In the navigation pane, choose Protection packs (web ACLs).
  3. Choose your protection pack.
  4. Choose Manage Rules.
  5. Choose Add rules.
  6. Choose Custom rule, and then choose Next.
  7. For Rule Type, choose Custom rule, and then choose Next.
  8. Configure your rule with the following values:
    For Action, choose Block.
    For Name, enter a name for your rule.
    For If the request, choose matches the statement.
    For Inspect, choose Has a label.
    For Match scope, choose Label.
    For Match key, enter the rule label. For example, to configure a custom response for requests that match the CrossSiteScripting_QueryArguments rule in the core rule set (CRS) managed rule group, enter awswaf:managed:aws:core-rule-set:CrossSiteScripting_QueryArguments.
    For Custom response, select Enable.
    For Response code, enter your response code.
    (Optional) For Response headers, choose Add a new custom header.
    For Key, enter a header name.
    For Value, enter a header value.
    Note: You can specify any header name except for content-type.
  9. For Choose how you would like to specify the response body - optional, choose the custom response body that you created in the Create a custom response section.
  10. Choose Create Rule.

Note: For a list of supported HTTP status codes for custom responses, see Supported status codes for custom responses.
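The two procedures above map onto a small amount of web ACL JSON. The following added example (not code from this article or from AWS) builds that JSON in Python for the CrossSiteScripting_QueryArguments case and checks the two constraints the article calls out: the custom rule must sit below the managed rule group, and content-type cannot be a custom response header. The response body name "xss-blocked", the rule names, and the x-waf-block-reason header are assumptions.

```python
import json

MANAGED_RULE = "CrossSiteScripting_QueryArguments"
LABEL = "awswaf:managed:aws:core-rule-set:" + MANAGED_RULE
BODY_KEY = "xss-blocked"  # hypothetical "Response body object name"

def visibility(name):
    return {"SampledRequestsEnabled": True, "CloudWatchMetricsEnabled": True, "MetricName": name}

def build_web_acl_fragment(response_code=403):
    """Web ACL pieces the console steps produce: the custom response body, the managed rule
    group with the target rule set to Count (so it only emits its label), and the label rule."""
    managed_rule = {
        "Name": "AWS-AWSManagedRulesCommonRuleSet", "Priority": 0,
        "OverrideAction": {"None": {}},
        "Statement": {"ManagedRuleGroupStatement": {
            "VendorName": "AWS", "Name": "AWSManagedRulesCommonRuleSet",
            "RuleActionOverrides": [{"Name": MANAGED_RULE, "ActionToUse": {"Count": {}}}]}},
        "VisibilityConfig": visibility("CRSWithXSSCounted")}
    custom_rule = {
        "Name": "CustomResponseForXSS", "Priority": 1,  # higher number: evaluated after the group
        "Statement": {"LabelMatchStatement": {"Scope": "LABEL", "Key": LABEL}},
        "Action": {"Block": {"CustomResponse": {
            "ResponseCode": response_code, "CustomResponseBodyKey": BODY_KEY,
            "ResponseHeaders": [{"Name": "x-waf-block-reason", "Value": "xss"}]}}},
        "VisibilityConfig": visibility("CustomResponseForXSS")}
    body = {"ContentType": "TEXT_PLAIN", "Content": "Request blocked by the web application firewall."}
    return {"CustomResponseBodies": {BODY_KEY: body}, "Rules": [managed_rule, custom_rule]}

def validate(acl):
    """Return the mistakes the article warns about; an empty list means the fragment is consistent."""
    errors = []
    managed_prio = [r["Priority"] for r in acl["Rules"] if "ManagedRuleGroupStatement" in r["Statement"]]
    for r in acl["Rules"]:
        resp = r.get("Action", {}).get("Block", {}).get("CustomResponse")
        if not resp:
            continue
        if resp.get("CustomResponseBodyKey") not in acl["CustomResponseBodies"]:
            errors.append(f"{r['Name']}: response body key is not defined on the web ACL")
        if any(h["Name"].lower() == "content-type" for h in resp.get("ResponseHeaders", [])):
            errors.append(f"{r['Name']}: content-type cannot be set as a custom response header")
        key = r["Statement"].get("LabelMatchStatement", {}).get("Key", "")
        # A rule matching a managed label must run after the group that emits it (higher number).
        if key.startswith("awswaf:managed:") and managed_prio and r["Priority"] <= min(managed_prio):
            errors.append(f"{r['Name']}: must be placed below the managed rule group")
    return errors

print(json.dumps(build_web_acl_fragment(), indent=2))
```

The printed fragment can be pasted into the JSON rule editor; `validate` returns an empty list for it and flags a copy whose priority or headers violate the notes above.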

Related information

How do I create complex custom JSON rules in AWS WAF?

AWS Managed Rules rule groups list

Why does my AWS WAF custom rule not work?

Customize requests and responses with AWS WAF

AWS OFFICIAL. Updated a month ago.