You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/web-application-firewall/ag/configure-custom-response-code.md
+16-1Lines changed: 16 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,7 +6,7 @@ author: YaakobiEden
6
6
ms.author: edenyaakobi
7
7
ms.service: azure-web-application-firewall
8
8
ms.topic: how-to
9
-
ms.date: 08/24/2025
9
+
ms.date: 11/19/2025
10
10
---
11
11
12
12
# Configure custom response code and body for Azure Application Gateway WAF
@@ -15,6 +15,10 @@ By default, when Azure Web Application Firewall (WAF) on Azure Application Gatew
15
15
16
16
This article shows you how to configure a custom response page when Azure Application Gateway's Web Application Firewall (WAF) blocks a request using the Azure portal. You can also configure custom responses using the [Azure CLI](/cli/azure/network/application-gateway/waf-policy/policy-setting) or [PowerShell](/powershell/module/az.network/new-azapplicationgatewayfirewallpolicysetting).
17
17
18
+
> [!IMPORTANT]
19
+
> Custom response in Azure Application Gateway Web Application Firewall (WAF) is currently in PREVIEW.
20
+
> See the [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/) for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.
21
+
18
22
## Configure a custom response status code and message
19
23
20
24
To customize the response status code and body, take the following steps:
@@ -33,8 +37,19 @@ In this example, we changed the default 403 response code to 429 and set a brief
33
37
34
38
:::image type="content" source="../media/configure-custom-response-code/application-gateway-custom-response.png" alt-text="Screenshot that shows a custom response example.":::
35
39
40
+
## Limitations
41
+
42
+
The following limitations apply when configuring custom responses for Azure Application Gateway WAF:
43
+
44
+
- You can enable up to 20 WAF policies with custom block response status code and body within one Application Gateway.
45
+
- You can use one of the following custom status codes: 200, 403, 405, 406, 429, 990, 991, 992, 993, 994, 995, 996, 997, 998, 999.
46
+
- The maximum size for the custom block response body is 32KB.
47
+
- You must use base64 encoding for the custom block response body when you use Azure Resource Manager (ARM) API.
48
+
- Custom block response status code and body aren't supported on Application Gateway for Containers WAF.
49
+
36
50
## Related content
37
51
38
52
-[Azure Web Application Firewall policy](policy-overview.md)
39
53
-[Create Web Application Firewall policies for Application Gateway](create-waf-policy-ag.md)
40
54
-[Azure Web Application Firewall on Application Gateway](ag-overview.md)
0 commit comments