Setting Up a Custom Error Page

If you don’t configure anything else, when vWAF denies a request, it returns one of the standard HTTP error codes to the web server. The web server will then react according to its configuration.

Alternatively, you can set up your own error page or you can redirect to a particular URL. In these cases, you can display a unique error ID, which vWAF creates for each denied request and also writes to the log files. If users of your web application get an error message (for example, because one of the protective rules that you’ve set up is too restrictive), you can ask them to tell you the error ID. You can then go to the log file view (see Log Files), filter your log files for the given error ID, and see precisely which handler has denied the corresponding request.

There are two places where you can set up what vWAF does when it denies a request:

  • In Global Configuration you can set up the default behavior for all applications.
  • When you select an application in the navigation area, you can activate the Configuration | Error Page Setup tab. On this tab, you can configure a specific behavior that exclusively applies to the selected application.

You can choose from the following options:

  • HTTP error code:

    This is the standard behavior. When vWAF denies a request, it returns one of the standard HTTP error codes to the web server. The web server will then react according to its configuration.

  • HTML error page:

    Displays a configurable error page when vWAF denies a request. You can edit the HTML code of this page freely. On your error page, you can show the generated HTTP error code, and you can show the unique error ID that vWAF creates for each denied request.

  • Redirection:

    Sets up a redirection to a specific URL. Within the URL, as parameters you can include the generated HTTP error code and the unique error ID that vWAF creates for each denied request.

  • Inherited from global configuration:

    This option is only available on the Configuration | Error Page Setup tab. It applies the behavior as it was defined in Global Configuration.

Setting up an HTML error page

  1. In the navigation area, select the application for which you want to set up the error page.
  2. Activate the Configuration | Error Page Setup tab.
  3. In the list, select HTML error page. An edit field appears with some default HTML code for the error page.

  4. Adapt the HTML code as required or replace it with our own. If you already have an existing error page template, you can either copy and paste the HTML code into the edit field, or you can use the Upload button to import the file into the edit field. You can test your error page at any time by clicking the Preview button.

    Within the HTML code, you can use the template strings {{ERROR-CODE}} to show the generated HTTP error code (see HTTP Error Codes), and {{ERROR-ID}} to show the unique error ID that vWAF creates for each denied request.

    If you want to reset your changes, you can click the Fill in default value button.

  5. When your error page looks and works as intended, click the Commit button. When vWAF denies a request, users of your web application now see your custom error page.

Setting up a redirection to a given URL

  1. In the navigation area, select the application for which you want to set up the redirection in case of denied requests.
  2. Activate the Configuration | Error Page Setup tab.
  3. In the list, select Redirection.

    An edit field appears, containing a default URL. Within the URL, you can use the template strings {{ERROR-CODE}} for the generated HTTP error code and {{ERROR-ID}} for the unique error ID that vWAF creates for each denied request.

  4. Adapt the URL as required. You can test it by clicking the Preview button. If you want to reset your changes, you can click the Fill in default value button.
  5. When your redirection works as intended, click the Commit button. When vWAF denies a request, users of your web application now are redirected to your special error page.