Adding a Web Application Firewall Action

Add an action to a web application firewall (WAF) policy.

Using the Console

  1. On the Policies list page, select the WAF policy that you want to add an action to. If you need help finding the list page or the policy, see Listing Web Application Firewall Policies.
  2. On the WAF policy's details page, under Policy, select Actions.
  3. Select Manage actions.
  4. In the Manage actions window, select Add action.
  5. In the Add action panel, enter the following information:
    • Name: Enter a name for the action.

    • Type: Specify the action type:
      • Allow: Skips all remaining rules in the current module.
      • Check: Doesn't stop the running of rules. Instead it generates a log message that documents the result of running the rules.
      • Return HTTP response: Returns a defined HTTP response.

        If you select this type, then provide the following values:

    • If you selected Return HTTP response, then provide the following values:
      • Response code: Select the HTTP response.

      • Headers: Enter optional header information:
        • Header name: Enter the name of the header.

          Header value: Enter the associated value of the header.

      • Response page body: Provides details about an error, including the cause and further instructions, if needed.

        Enter the HTTP response body, for example a JSON error response:
        {"code":"403","message":"Forbidden"}

        You can enable Dynamic text support to add variables in the page body. The following variable is supported:

        RequestID

        The request ID can help you with tracking and managing a request by providing a unique request identifier exposed in HTTP request and response headers.

        When the request ID is enabled, the default header name X-Request-Id is included in the HTTP request header from the load balancer to the backend and HTTP header responses.

        The following example provides an HTTP response body with dynamic text support enabled:

        {"code":"403","message":"Forbidden","RequestId":"${http.request.id}"}
  6. Select Add action.
  7. In the Manage actions dialog box, select Save changes.