Help Center/ Web Application Firewall/ User Guide/ Connecting Your Website to WAF/ Recommended Configurations After Website Connection/ Modifying the Alarm Page
Updated on 2025-08-19 GMT+08:00
View PDF
Share

Modifying the Alarm Page

If a visitor is blocked by WAF, the Default block page of WAF is returned by default. You can also configure Custom or Redirection for the block page to be returned as required.

If you have enabled enterprise projects, ensure that you have all operation permissions for the project where your WAF instance locates. Then, you can select the enterprise project from the Enterprise Project drop-down list and customize alarm pages for the domain names.

Prerequisites

You have connected the website you want to protect to WAF.

Constraints

  • The Redirection mode is not supported if you select Cloud Mode - Load balancer for the protected website.
  • The content of the text/html, text/xml, and application/json pages can be configured on the Custom block page to be returned.
  • The root domain name of the redirection address must be the same as the currently protected domain name (including a wildcard domain name). For example, if the protected domain name is www.example.com and the port is 8080, the redirection URL can be set to http://www.example.com:8080/error.html.

Editing Response Page for Blocked Requests

  1. Log in to the WAF console.
  2. Click in the upper left corner and select a region or project.
  3. (Optional) If you have enabled the enterprise project function, in the upper part of the navigation pane on the left, select your enterprise project from the Filter by enterprise project drop-down list. Then, WAF will display the related security data in the enterprise project on the page.
  4. In the navigation pane on the left, click Website Settings.
  5. On the Website Settings page, click the target website domain name.
  6. Click Modify next to the page template name in the row of Alarm Page. In the displayed Alarm Page dialog box, specify Page Template.

    • To use the built-in page, select Default. An HTTP code 418 is returned.
    • To customize the alarm page, select Custom and configure following parameters. Figure 1 shows an example.
      • HTTP Return Code: return code configured on a custom page.
      • Response Header: Click Add Response Header Field and configure response header parameters.
      • Block Page Type: The options are text/html, text/xml, and application/json.
      • Page Content: Configure the page content based on the selected value for Block Page Type.
      Figure 1 Custom alarm page
    • To configure a redirection URL, select Redirection.
      Figure 2 Redirection alarm page

      The root domain name of the redirection URL must be the same as the currently protected domain name (including a wildcard domain name). For example, if the protected domain name is www.example.com and the port is 8080, the redirection URL can be set to http://www.example.com:8080/error.html.

  7. Click OK.

    After completing the above configuration, you can enable basic web protection by referring to Configuring Basic Web Protection to Defend Against Common Web Attacks (with Protective Action set to Block), simulate an attack, and verify WAF protection.

Parent Topic: Recommended Configurations After Website Connection