Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
By default, when Azure Front Door Web Application Firewall (WAF) blocks a request because of a matched rule, it returns a 403 status code with the message "The request is blocked." The default message also includes the tracking reference string that's used to link to log entries for the request.
In this article, you learn how to configure a custom response status code and a custom message with a reference string for your use case using the Azure portal, PowerShell, or the Azure CLI.
Prerequisites
An Azure account with an active subscription. Create an account.
Sign in to the Azure portal with your Azure account.
Configure a custom response status code and message
To customize the response status code and body, follow these steps:
Go to your Front Door WAF policy in the Azure portal.
Under Settings, select Policy settings.
Enter the custom response status code and response body in the Block response status code and Block response body boxes, respectively.
Note
The JavaScript challenge feature is available only in WAF policies on the Azure Front Door Premium tier.
Select Save.
In the previous example, the response code was kept as 403 with a custom message: "Please contact us with this information:".
Note
{{azure-ref}} inserts the unique reference string in the response body. The value matches the TrackingReference field in the FrontDoorAccessLog and FrontDoorWebApplicationFirewallLog logs.
Important
If you leave the block response body blank, the WAF returns a 403 Forbidden response for normal WAF blocks and a 429 Too many requests for rate limit blocks.