How to redirect to custom block page for all AWS WAF block actions (including managed rule sets)

0

Hi,

we have an AWS WAF configuration with a mix of custom rules and managed rule sets. We would like to redirect all block actions to one specific error page from our website. Currently we have configured the custom error page only for our own custom rules, like so (using AWS CDK in Java):

private static RuleActionProperty blockAction() {
        return RuleActionProperty.builder()
            .block(BlockActionProperty.builder()
                .customResponse(customErrorPage())
                .build())
            .build();
    }

private static CfnWebACL.CustomResponseProperty customErrorPage() {
        return CfnWebACL.CustomResponseProperty.builder()
            .responseCode(302)
            .responseHeaders(List.of(CfnWebACL.CustomHTTPHeaderProperty.builder()
                .name("Location")
                .value("/our-error-page.html")
                .build()))
            .build();
    }

I know it's possible to do so for managed rule sets as well, by overriding them to count action and having a custom block rule, that listens to the rule specific label. The problem is, that for the managed rule sets we override some of the rules inside to count action. That means, we would have to create a custom rule that listens to all specific labels in the managed rule set, except for those, that we want to omit.

This seems to me like a lot of trouble and a very unreadable code afterwards. Is there no way to simply set a default custom block page for all block actions regardless of origin?

Advice would be much appreciated.

Cheers, Georg

1 Answer
1
Accepted Answer
profile pictureAWS
EXPERT
answered 2 months ago
profile picture
EXPERT
reviewed 2 months ago
profile picture
EXPERT
reviewed 2 months ago
  • After reading your second link, I found out, that you can actually set a custom error page for the 403 status code in your CloudFront distribution. That way all blocked actions from WAF show that page. So, problem solved.

    Thanks!

  • Glad that you found what you needed. Thanks for accepting my answer!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions