Deny and Error Handling

The Alert Logic Managed Web Application Firewall (WAF) Deny and Error Handling page includes the following sections. Click on the link to go to the corresponding section to learn more:

To go to the documentation for the previous section of Alert Logic Managed Web Application Firewall (WAF) management integration, see Policy. To go to the documentation for next subsection in the WAF section, see Application Delivery Controller (ADC).

To access the Deny and error handling page in the WAF management interface:

  1. On the left panel, under Services, click Websites.
  2. On the Websites page, click the website you want to manage.
  3. Under WAF, click Deny and error handling.

To save configuration changes or edits you make to any features and options, you must click Save on the lower-right of the section or page where you are making changes. Click apply changes on the upper-left corner of the page, and then click OK. Your changes will not be stored if you do not properly save your changes.

When a request is blocked at the application level, WAF can either close the connection and not respond, send an HTTP error code along with an error message, or redirect the client to a URL.

Deny action

WAF distinguishes between violations that are Query and Authentication. () and Parameter (given value for a known parameter failed the access policy)

URL Policy Violation

Violations related generally to the URL like HTTP method and headers, path and parameter names.

Parameter Policy Violation

Violations related to the content of query parameters.

Authentication Required

Violations related to authentication and authorization.

For each type a Deny Action can be configured.

Deny with [deny type]

Radio button

Display 404 not found or 403 authentication required error message.

When a request is denied the corresponding error page (403 or 404) is displayed.

Default: <selected>
Close connection

Radio button

Close the connection.

When a request is denied WAF simply closes the connection. No response is sent to the offending client.

Default: <not selected>
Redirect

Radio button

Redirect the request.

When a request is denied WAF sends HTTP/302 and a Location redirect HTTP header which redirects the offending client to the URL configured.

Default: <not selected>

Error messages

WAF intercepts error messages from the backend and replaces them with a generic customizable error page. These are also the pages that are displayed If WAF is configured to display an error message when a request is denied.

The error pages are customizable and timed redirects can be inserted.

Document not found (error 40x)

When a request is denied with an error message or if the backend server returns an HTTP error 40x (400 401 402 404 405 406 407 408 409 410 411 412 413 414 415 416 417) the Document not found page is displayed.

Heading

Input field

The heading of the message page.

Valid input

Any string

Default value

Requested URL cannot be found

Message

Input field

The message displayed.

Valid input

Any string not containing html tags.

Newlines are transformed into <br>.

Use [b]text[/b] to put some text in bold typeface.

Use [p]paragraph text[/p] to insert paragraphs.

Default value

We are sorry, but the page you are looking for cannot be found. The page has either been removed, renamed or is temporarily unavailable.

Error

Input field

The error message displayed.

Valid input

Any string

Default value

HTTP 404 Not Found

Nav. back

Input field

The error page contains two navigation buttons. The nav. back button will take the user to the page the user came from.

Valid input

Any string

Default value

Back to previous page

Nav. forward

Input field

The error page contains two navigation buttons. The nav. forward button will take the user to the web site homepage.

Valid input

Any string

Default value

Proceed to homepage

Include redirect text and script

Check box

Enable / disable insertion of timed redirect javascript with corresponding text.

If enabled a redirect text and a piece of javascript displaying a configurable countdown is displayed with the error text configured (above).

Default: <disabled>
Redirect text

Input field

The redirect message displayed.

Valid input

Any string not containing html tags.

Newlines are transformed into <br>.

Use [b]text[/b] to put some text in bold typeface.

Use [p]paragraph text[/p] to insert paragraphs.

Use [countdown] to display countdown.

Use [link]link text[/link] to insert link to configured redirect target server.

Default value

You will be redirected to a an error page in [countdown] seconds. [link]Click here[/link] to be redirected immediately.

Redirect delay

Input field

Idle session timeout specifies tha maximum duration of an idle session before it is dropped resulting in the user being logged out from the web site.

Valid input

A number (integer) in the interval 2 - 3600 (one hour).

Input example

60 - (one minute)

Default value

10

Redirect URL

Input field

The URL to redirect to.

Valid input

A valid URL

Input example

http://sorryserver.mydomain.tld

Default value

none

Alert Logic Managed Web Application Firewall (WAF) text

Read only

Trial license only.

In WAF Trial error messages contains the message Alert Logic Managed Web Application Firewall (WAF) - TRIAL VERSION

Authentication required (error 403)

When a client request fails authentication or resource authorization and the request is denied with an error message or if the backend server returns an HTTP error 403 the Authentication required page is displayed.

Heading

Input field

The heading of the message page.

Valid input

Any string

Default value

Not allowed

Message

Input field

The message displayed.

Valid input

Any string

Default value

Access to the page you are trying to access is restricted to authorized clients. Please contact the site administrator if this is an error.

Error

Input field

The error message displayed.

Valid input

Any string

Default value

HTTP 403 Forbidden

Nav. back

Input field

The error page contains two navigation buttons. The nav. back button will take the user to the page the user came from.

Valid input

Any string

Default value

Back to previous page

Nav. forward

Input field

The error page contains two navigation buttons. The nav. forward button will take the user to the web site homepage.

Valid input

Any string

Default value

Proceed to homepage

Include redirect text and script

Check box

Enable / disable insertion of timed redirect javascript with corresponding text.

If enabled a redirect text and a piece of javascript displaying a configurable countdown is displayed with the error text configured (above).

Default: <disabled>
Redirect text

Input field

The redirect message displayed.

Valid input

Any string not containing html tags.

Newlines are transformed into <br>.

Use [b]text[/b] to put some text in bold typeface.

Use [p]paragraph text[/p] to insert paragraphs.

Use [countdown] to display countdown.

Use [link]link text[/link] to insert link to configured redirect target server.

Default value

You will be redirected to a an error page in [countdown] seconds. [link]Click here[/link] to be redirected immediately.

Redirect delay

Input field

Idle session timeout specifies tha maximum duration of an idle session before it is dropped resulting in the user being logged out from the web site.

Valid input

A number (integer) in the interval 2 - 3600 (one hour).

Input example

60 - (one minute)

Default value

10

Redirect URL

Input field

The URL to redirect to.

Valid input

A valid URL

Input example

http://sorryserver.mydomain.tld

Default value

none

Alert Logic Managed Web Application Firewall (WAF) text

Read only

Trial license only.

In WAF, Trial error messages contains the message Alert Logic Managed Web Application Firewall (WAF) - TRIAL VERSION

Server error (error 50x)

When the backend server returns an HTTP error 50x (500 501 502 503 504 505 506 507) the Server error page is displayed.

Heading

Input field

The heading of the message page.

Valid input

Any string

Default value

Requested URL cannot be found

Message

Input field

The message displayed.

Valid input

Any string

Default value

We are sorry, but the page you are looking for cannot be found. The page has either been removed, renamed or is temporarily unavailable.

Error

Input field

The error message displayed.

Valid input

Any string

Default value

HTTP 502 Bad Gateway

Nav. back

Input field

The error page contains two navigation buttons. The nav. back button will take the user to the page the user came from.

Valid input

Any string

Default value

Back to previous page

Nav. forward

Input field

The error page contains two navigation buttons. The nav. forward button will take the user to the web site homepage.

Valid input

Any string

Default value

Proceed to homepage

Include redirect text and script

Check box

Enable / disable insertion of timed redirect javascript with corresponding text.

If enabled a redirect text and a piece of javascript displaying a configurable countdown is displayed with the error text configured (above).

Default: <disabled>
Redirect text

Input field

The redirect message displayed.

Valid input

Any string not containing html tags.

Newlines are transformed into <br>.

Use [b]text[/b] to put some text in bold typeface.

Use [p]paragraph text[/p] to insert paragraphs.

Use [countdown] to display countdown.

Use [link]link text[/link] to insert link to configured redirect target server.

Default value

You will be redirected to a an error page in [countdown] seconds. [link]Click here[/link] to be redirected immediately.

Redirect delay

Input field

Idle session timeout specifies tha maximum duration of an idle session before it is dropped resulting in the user being logged out from the web site.

Valid input

A number (integer) in the interval 2 - 3600 (one hour).

Input example

60 - (one minute)

Default value

10

Redirect URL

Input field

The URL to redirect to.

Valid input

A valid URL

Input example

http://sorryserver.mydomain.tld

Default value

none

Alert Logic Managed Web Application Firewall (WAF) text

Read only

Trial license only.

In WAF Trial error messages contains the message Alert Logic Managed Web Application Firewall (WAF) - TRIAL VERSION

Lower button bar

Default values

Revert to default values.
Save settings

Click Save settings to save settings.