Using Custom Pages with HTTP and HTTPS

Distil lets you customize automated response pages to fit the style of your brand. Customizing your pages is an easy process, although you must also configure the way they are served to requests.

By default Distil currently uses unencrypted HTTP requests when fetching custom pages from the URL configured in the Portal. If your custom pages can only be fetched over HTTPS, please contact the Distil support team for assistance with the required configuration to accommodate this requirement.

(NOTE: We are developing a platform behavioral change such that if your site uses HTTPS, your custom pages are automatically fetched the same way.)

Once the HTTP/HTTPS connection is successful and the origin server issues a HTTP 200 response, Distil injects a CAPTCHA or block form and/or trace information, and proxies the custom pages back to the browser.

In cases we receive a response other than HTTP 200 from the origin, we serve the default threat response page to the browser. Possible scenarios that could cause this include:

  • Origin server sends a redirect to the HTTPS version of the custom page – This could be done in the form of an HTTP 301 redirect. Since this is not the expected HTTP 200 response code, Distil serves the default custom page.

  • Origin server redirects the request to another domain – This could be a request on a root domain (e.g., which has a custom CAPTCHA page configured on /captcha.html. In this case, if Distil tries to fetch the custom page from and receives a redirect to, we serve the default CAPTCHA page to the browser.
Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request