You can customize web requests and responses in the following ways:
With allow, count, and CAPTCHA actions, you can insert custom headers into the web request.
With block actions, you can define a complete custom response, with response code, headers, and body.
https://docs.aws.amazon.com/waf/latest/developerguide/customizing-the-incoming-request.htmlis the link with more details and examples.
[AWS WAF] Can't hit the rule with managed rules included in custom rulesasked a year ago
WAF managed rule to prevent dotenv vulnerabilityasked 10 months ago
How to set oversize handling WAFAccepted Answerasked 3 months ago
Clicking Add rule with the rule builder for a Web ACL in AWS WAF does nothing (no errors), the browser console shows WAFLimitsExceededException, we have no other WAFsasked 5 months ago
How to change Count rule to Block for AWS managed rulesasked 10 months ago
How to set custom Block response for managed rule sets in AWS WAF?asked 3 months ago
AWS WAF efficient rule for allowing specific IPs and Countries for specific URLsasked 7 months ago
Why AWS WAF (AWS-AWSManagedRulesAmazonIpReputationList) google ip are blacklisted?asked a day ago
Custom response body for AWS bot controlasked 8 months ago
WAF rule statement unable to match Headerasked a year ago