# Setup Web User Response Pages

CloudGuard WAF protects web servers from attacks when set to **Prevent** mode. You can choose the response returned to the client that initiated the blocked traffic: a simple HTTP error code, an HTTP redirect message, or a Block page that a user can view in their browser.

## Setup a Web User Response Object

#### Step 1: Go to Policy->Behaviors and create a new Web User Response

If no behavior objects have been configured yet, you will see the following screen:

![](/files/EBF5w3AMc3VL0Db3OIe6)

Alternatively, the following screen with a "New" button at the top is shown:

![](/files/swsKUEpyxhERhtBkBjwC)

#### Step 2: Select the type of the Web User Response and fill the form

Create a unique name for your Web User Response object and select a Type.

There are 3 types of Web User Response objects:

{% tabs %}
{% tab title="Block Page" %}
This option is not recommended for CloudGuard WAF protecting Web API assets, as it is designed to be seen by human users.

![](/files/WCfUkXtxeYmR9AY4dxNG)

* **Message title:** The title of the web page to be shown to the user sending the malicious traffic.
* **Message body:** The body of the message to be shown to the user.
* **HTTP Response Code:** It is recommended to use a 403 (Forbidden) as a response code.

{% hint style="info" %}
Different browsers behave differently upon receiving different error codes.
{% endhint %}

{% hint style="info" %}
Using the response code 444 resets the connection, so the Message title and body will not be seen by the user.
{% endhint %}
{% endtab %}

{% tab title="Redirect" %}
![](/files/x2awXEs3pMU76E9W62Lv)

* **Redirect URL:** The client will be redirected to the provided URL, where you can serve any customized web page.
* **Add X-Event-Id to header:** When selected, the redirect message includes this header. Its value is an internal reference ID that matches the security log generated by the incident, if log triggers are configured.
  {% endtab %}

{% tab title="Response Code Only" %}
This option is recommended for CloudGuard WAF protecting Web API assets.

![](/files/eh56i5z6h6OykWj7Axsb)

* **HTTP Response Code:** It is recommended to use a 403 (Forbidden) as a response code.

{% hint style="info" %}
Different clients may behave differently upon receiving different error codes.
{% endhint %}

{% endtab %}

{% tab title="Custom Block Page" %}
The **Custom Block Page** option allows you to define a fully customized response that is returned to users when a request is blocked by the WAF. This is useful for branding, user guidance, or providing additional context about the block event.

Unlike the default block page, this option enables you to upload your own HTML content and control the exact user experience.

{% hint style="info" %}
**Note:** This option is primarily intended for browser-based applications. For Web APIs, consider using **Response Code Only**, as API clients do not render HTML pages.
{% endhint %}

<figure><img src="/files/goMQ1exDTTTwdhqOmvye" alt=""><figcaption></figcaption></figure>

#### Parameters

* **Name** – Unique name for the response configuration.
* **Content Type** – Response format (recommended: `text/html`).
* **Upload File** – Custom HTML file to display; include a placeholder for the CHECK\_POINT\_INCIDENT\_ID that will be embedded in the response.
* **HTTP Response Code** – Status code returned to the client (default: `403 Forbidden`).
  {% endtab %}
  {% endtabs %}

## Configure your CloudGuard WAF practice to use the new Web User Response

#### Step 1: Select the assets that should use this Web User Response upon event detection

Go to **Policy->Assets** and edit the asset you wish to modify.

Select the **relevant practice** tab and scroll to the bottom.

![](/files/vLGra1Xzsy7E6mddjVVo)

#### Step 2: Select the Web User Response object

Once selected, you will see the object shown as part of CloudGuard WAF Security Practice configuration:

<div align="left"><img src="/files/RDkw5FsTo5LazcnNSuLV" alt=""></div>

#### Step 3: Enforce Policy

Policy is enforced after clicking Enforce in the top banner of the portal.
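
After enforcing the policy, a blocked test request should come back in the shape of the configured Web User Response. The Python sketch below is an added example, not Check Point code: it classifies a captured raw HTTP response and extracts `X-Event-Id` so it can be matched against the security log. The 302 status, the sample bodies and the event ID value are constructed assumptions.

```python
from email.parser import BytesParser


def classify_response(raw: bytes) -> dict:
    """Map one raw HTTP/1.x response to the Web User Response type it resembles."""
    if not raw:
        # Response code 444 resets the connection, so the client receives no bytes.
        return {"kind": "connection-reset", "status": None,
                "event_id": None, "location": None}
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    status = int(parts[1])
    # Header lookups on the parsed message are case-insensitive.
    headers = BytesParser().parsebytes(header_block + b"\r\n\r\n", headersonly=True)
    content_type = (headers.get("Content-Type") or "").lower()
    if 300 <= status < 400 and headers.get("Location"):
        kind = "redirect"
    elif body.strip() and "html" in content_type:
        kind = "block-page"
    else:
        kind = "response-code-only"
    return {"kind": kind, "status": status,
            "event_id": headers.get("X-Event-Id"),  # correlates with the security log
            "location": headers.get("Location")}


# Constructed sample responses (not captured from a real deployment).
SAMPLES = {
    "redirect": (b"HTTP/1.1 302 Found\r\n"
                 b"Location: https://blocked.example.test/help\r\n"
                 b"x-event-id: EXAMPLE-EVENT-ID-0001\r\n"
                 b"Content-Length: 0\r\n\r\n"),
    "block_page": (b"HTTP/1.1 403 Forbidden\r\n"
                   b"Content-Type: text/html\r\n\r\n"
                   b"<html><head><title>Request blocked</title></head>"
                   b"<body>Contact support.</body></html>"),
    "code_only": b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n",
    "reset_444": b"",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, classify_response(raw))
```
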


