Posted On: Mar 29, 2021

AWS WAF now supports configuring the HTTP status code and the response body returned to the user when a request is blocked. Until today, AWS WAF could only return HTTP status code 403 (Forbidden) when a user request was blocked by WAF. With Custom Response, you can now configure AWS WAF to return a different HTTP status code, such as 3xx (redirects), 4xx (client errors), or 5xx (server errors). These codes can be used to redirect users to different parts of your application or to give users a specific response code based on the reason they were blocked by WAF. In addition, you can use Custom Response to include a response body that presents a customized error message to the user.

You can get started with the Custom Response feature by configuring the action associated with any new or existing WAF rule, or the default action associated with your web ACL. There is no additional cost for using the Custom Response feature, but standard service charges for AWS WAF will still apply. This feature is available in all AWS Regions where WAF is available and for each supported service, including Amazon CloudFront, Application Load Balancer, Amazon API Gateway, and AWS AppSync. To learn more, see the AWS WAF developer guide.
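As an added illustration (not part of the announcement or of AWS's own documentation), the following sketch shows a web ACL fragment in the WAFv2 API shape whose rate-based rule blocks with a 429 and a JSON body instead of the default 403, plus a small pre-deployment check that every custom response references a defined body and a status code in the 200 to 599 range the API accepts. The rule name, body key, limit and body text are constructed for the example.

```python
# Added example: names, limits and body text are constructed, not from the announcement.
import json

# Web ACL fragment in the WAFv2 API shape (as passed to CreateWebACL / UpdateWebACL).
WEB_ACL = {
    "DefaultAction": {"Allow": {}},
    "CustomResponseBodies": {
        "rate-limited": {  # hypothetical body key
            "ContentType": "APPLICATION_JSON",
            "Content": json.dumps({"error": "too many requests"}),
        }
    },
    "Rules": [{
        "Name": "rate-limit-per-ip",  # hypothetical rule name
        "Priority": 0,
        "Statement": {"RateBasedStatement": {"Limit": 1000, "AggregateKeyType": "IP"}},
        "Action": {"Block": {"CustomResponse": {
            "ResponseCode": 429,  # returned instead of the default 403
            "CustomResponseBodyKey": "rate-limited",
            "ResponseHeaders": [{"Name": "Retry-After", "Value": "300"}],
        }}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": "rate-limit-per-ip",
        },
    }],
}

def lint_custom_responses(acl):
    """Return a list of problems with Block custom responses in a web ACL dict."""
    bodies = acl.get("CustomResponseBodies", {})
    # Custom responses can sit on the default action as well as on each rule.
    actions = [("DefaultAction", acl.get("DefaultAction", {}))]
    actions += [(r["Name"], r.get("Action", {})) for r in acl.get("Rules", [])]
    problems = []
    for where, action in actions:
        custom = action.get("Block", {}).get("CustomResponse")
        if custom is None:
            continue  # Allow/Count, or a Block that keeps the default 403
        code = custom.get("ResponseCode")
        if not isinstance(code, int) or not 200 <= code <= 599:
            problems.append(f"{where}: ResponseCode {code!r} outside 200-599")
        key = custom.get("CustomResponseBodyKey")
        if key is not None and key not in bodies:
            problems.append(f"{where}: body key {key!r} not defined")
    return problems
```

Keep the response body generic: it is returned to whoever was blocked, so it should not name the rule or the threshold that matched.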