Set Custom Response Page

最終更新日:2024-10-28 17:27:36

You can customize the response actions configuration to control the content that attackers or users receive when a security policy is triggered and intercepted. This is typically used in the following scenarios:

  • Add your own brand or other personalized information to the request response to optimize user experience.
  • Add system variables provided by Cloud Security 2.0 in the request response, so that users can quickly obtain necessary information to assist in troubleshooting when they report false positives.
  • Set up deceptive response content for certain policies to fool attackers and increase their attack costs.

To configure a Custom Response Page:

  1. Log in to the CDNetworks Console, find the security product in use under Subscribed Products.
  2. Go to Security Settings > Shared Configuration > Actions.
  3. Scroll down the page to Custom Actions.

Create a custom action

  • On the Custom Actions tab. Click Add.
  • In Action Name, enter a name for the action.
  • If you want, enter a Description.
  • In Status Code, Select the status code to respond to the user.
  • Enter the Content-Type.
  • In Reponse Content Definition, the size of the response content cannot exceed 16KB. If you need to insert static resources such as picture, it is recommended to use links to import. The following interception parameters are supported:
    • {url}: Display the URL of the blocked request
    • {client_ip}: Display the client IP.
    • {time}: Display the time when the request was blocked.
    • {event_id}: Display the ID of this event.
  • Click Confirm to save.

Specify the created action for the security policy

Currently, the customized pages can be configured in two ways:

  1. Configuring response page of all the Deny Action:
    • Go to Security part, Configurations > Policies.
    • Find the hostname for which you want to configure security policies, click [New Feature] WAF Rule Template
    • Go to General Settings tab, following is Response Page of Deny Action.
    • Click Custom, and select the Action Name you created.
    • Click Publish Changes.
  2. Configuring response actions for the policies:
    • Bot Management > Anomaly Behavior Detection > Workflow Detection
    • Rate Limiting Rules