aijunpeng
commented
1 year ago Thanks for opening the request. This seems to be out of scope of the security automation solution. The solution offers a starting point for implementing AWS WAF rules. We recommend adding custom rules and leveraging AWS WAF managed rules based on your company’s needs. In addition, the solution is built on top of the features offered by the WAF service and has no control over the features that aren't supported by the service.
Currently only custom webacl rules allow for the use of custom responses (Ability to change response code and html etc.).
The ability to modify the default 403 and change the code and or body of the response and have it apply to all rules including custom and managed rules.
Many organizations prefer to modify security related response and prefer a branded / pretty response.
Thank you!