Is it possible to change 403 error page on AWS WAF v2?


I'm using AWS WAF v2 and an ALB for geoblocking. The setup was done and it can block the specific country, but is it possible to change the 403 error page on AWS WAF v2? Currently it's plain text in the middle that says 403 Forbidden. Thank you.


There are 3 answers

0
abc123 On

Yes, it is possible to do this using Lambda@Edge. Lambda@Edge is an extension of AWS Lambda, a compute service that lets you execute functions that customize the content that CloudFront delivers. You can author Node.js or Python functions in one Region, US-East-1 (N. Virginia), and then execute them in AWS locations globally that are closer to the viewer, without provisioning or managing servers.

Take a look at: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/lambda-examples.html#lambda-examples-update-error-status-examples

The example "Using an Origin-Response Trigger to Update the Error Status Code to 302-Found" from the link above is exactly what you want to set up to redirect your 403 errors coming from the CloudFront origin to a custom/different webpage.

0
vjgn On

I know this question was asked over 3 years ago but wanted to post this answer so anyone searching on this topic can find it!

As of March 2021, WAFv2 supports the CustomResponse feature, which can be used to return a different HTTP code instead of the standard 403. It also allows for sending a custom response body.

https://aws.amazon.com/about-aws/whats-new/2021/03/aws-waf-adds-support-custom-responses/

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-wafv2-webacl-customresponse.html
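
Added example (not part of the answer above, and not AWS's own code): a geo-block rule that uses the custom response described in that answer, built as the `Rules` and `CustomResponseBodies` arguments of a WAFv2 web ACL and checked offline before deployment. The rule name, body key, country code and HTML are constructed sample values, and `geo_block_rule` and `validate` are hypothetical helper names.

```python
# Added example: builds the Rules / CustomResponseBodies structures of a
# WAFv2 web ACL and checks them locally. All names and values are samples.
import re

CONTENT_TYPES = {"TEXT_PLAIN", "TEXT_HTML", "APPLICATION_JSON"}

def geo_block_rule(name, priority, countries, body_key, status=403):
    """Block rule for the given countries that returns a custom body."""
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {"GeoMatchStatement": {"CountryCodes": list(countries)}},
        "Action": {"Block": {"CustomResponse": {
            "ResponseCode": status,
            "CustomResponseBodyKey": body_key,  # must exist in the ACL's bodies
        }}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }

def validate(rules, bodies):
    """Return a list of problems that would make the web ACL invalid."""
    problems = []
    for key, body in bodies.items():
        if not re.fullmatch(r"[\w\-]{1,128}", key, flags=re.ASCII):
            problems.append(f"bad body key: {key!r}")
        if body.get("ContentType") not in CONTENT_TYPES:
            problems.append(f"{key}: unknown ContentType")
        if not body.get("Content"):
            problems.append(f"{key}: empty Content")
    for rule in rules:
        custom = rule.get("Action", {}).get("Block", {}).get("CustomResponse")
        if custom is None:
            continue  # plain block: WAF answers with its default 403
        if not 200 <= custom["ResponseCode"] <= 599:
            problems.append(f"{rule['Name']}: ResponseCode out of range")
        key = custom.get("CustomResponseBodyKey")
        if key is not None and key not in bodies:
            problems.append(f"{rule['Name']}: body key {key!r} not defined")
    return problems

# Constructed sample web ACL content.
BODIES = {"geo-blocked": {"ContentType": "TEXT_HTML",
                          "Content": "<h1>Not available in your region</h1>"}}
RULES = [geo_block_rule("GeoBlock", 0, ["AQ"], "geo-blocked")]
```

`RULES` and `BODIES` have the shape of the `Rules` and `CustomResponseBodies` parameters of boto3's `wafv2` `create_web_acl` and `update_web_acl` calls.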

5
Chris Williams On

Unfortunately there is no way to do this with just WAF and ALB.

If you were to add CloudFront in front (which also supports WAF) you could make use of custom error pages with CloudFront to display a nicer response to the user.