Follow

Creating Custom Threat Response Pages

When enabling threat responses, the Distil platform offers the ability to customize the various threat response pages with your own branding and maintain a consistent user experience on a domain by domain basis. 

These pages are only shown when threat response settings are set to something other than monitor and they are never shown to whitelisted requests, including those from good bots.

The following threat response pages can be customized for all accounts:

  • CAPTCHA – A threat response page displaying a reCAPTCHA based turing test. Returns HTTP status code 405.
  • Block – A threat response page displaying an unblock request form. Returns HTTP status code 416.
  • Drop – A threat response page with no test or action. Returns HTTP status code 456.

Customers with private deployments may also use custom catch-all and error pages.

Please note that if your pages do not return an HTTP Status Code of 200 (or OK) they will not be shown.

Additionally, you can easily integrate your custom pages with Google Analytics to gain visibility into the number of visitors each custom page is receiving.

Creating a Custom CAPTCHA Page

Create a custom HTML page with your domain’s branding. In the area where you would like to display the CAPTCHA form, include the following HTML comment string in the <body> of the your page:

​<!-- DISTIL CAPTCHA FORM -->

Using this comment instructs the Distil node to replace this text with a Google reCAPTCHA form--no additional coding required.

Each response type is limited to one page and cannot access any other pages on your website, such as making an AJAX call or including an alternate page in an IFRAME.

The page can include the CSS, images, and JavaScript from your normal website.

You can control the location and visibility using CSS by placing the comment within a sub element such as a <div>.

For reference, the HTML source generated by the Distil CAPTCHA Form comment is:

<form id="distilCaptchaForm" action="/distil_verify" method="post">
   <noscript>
       <iframe src="https://www.google.com/recaptcha/api/noscript?k=*******" height="300" width="930" frameborder="0"></iframe>
       <textarea name="recaptcha_challenge_field" rows="2" cols="40"></textarea>
       <input type="hidden" name="recaptcha_response_field" value="manual_challenge"/>
   </noscript>
   <script type="text/javascript">var RecaptchaOptions = { theme : 'blackglass' };</script>
   <script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=********"></script> 
   <div id="dCF_complete">
      <input type="hidden" name="RM" value="??" />
      <input  id="dCF_input_complete" type="submit" value="Complete Captcha" />
   </div>
   <div id="dCF_captcha_text">
       You reached this page when attempting to access www.[yourdomain].com/url from 0.0.0.0 on YYYY-MM-DD HH:MM:SS GMT.
   </div>
</form>

 To set up a Custom CAPTCHA page:

  1. Log in to the Distil Portal.
  2. Search for and select the parent Domain or Account you are configuring.
  3. Select Sign Into Account to access the Domains Dashboard.
  4. Select the specific domain you are configuring.

  5. Click Settings in the top banner menu.

  6. Click Custom Pages, within the Protect your content section.

  7. Enter the page's relative link in the URL for custom CAPTCHA page field.
  8. Click Save.
  9. Test your custom CAPTCHA page before moving your page to production.
  10. When you are ready to push your page to production, select Enabled? and click Save.

Test the live page here: http://www.[yourdomain.com]/distil_r_captcha.html. 

Creating a Custom Block Page

Create a custom HTML page with your domain’s branding. In the area where you would like to display the Unblock Request Form, include the following HTML comment string in the <body> of the your page:

​<!-- DISTIL UNBLOCK FORM -->

Each response type is limited to one page and cannot access any other pages on your website, such as making an AJAX call or including an alternate page in an IFRAME.

The page can include the CSS, images, and JavaScript from your normal website.

You can control the location and visibility using CSS by placing the comment within a sub element such as a <div>. 

For reference, the HTML source generated by the Distil Unblock Form comment is:

<form id="distilUnblockForm" method="post" action="http://verify.distil.it/distil_blocked.php">
   <div id="dUF_first_name">
       <label for="dUF_input_first_name">First Name:</label>
       <input type="text" id="dUF_input_first_name" name="first_name" value="" />
   </div>
   <div id="dUF_last_name">
       <label for="dUF_input_last_name">Last Name:</label>
       <input type="text" id="dUF_input_last_name" name="last_name" value="" />
   </div>
   <div id="dUF_email">
       <label for="dUF_input_email">E-mail:</label>
       <input type="text" id="dUF_input_email" name="email" value="" />
   </div>
   <div id="dUF_city" style="display: none">
       <label for="dUF_input_city">City (Leave Blank):</label>
       <input type="text" id="dUF_input_city" name="city" value="" />
   </div>
   <div id="dUF_unblock">
       <input  id="dUF_input_unblock" name="unblock" type="submit" value="Request Unblock" />
   </div>
   <div id="dUF_unblock_text">
       You reached this page when attempting to access www.[yourdomain].com/url from 0.0.0.0 on YYYY-MM-DD HH:MM:SS GMT.
   </div>
   <div id="dUF_form_fields" style="display: none">
       <input type="hidden" name="B" value="??" />               
       <input type="hidden" name="P" value="??" />               
       <input type="hidden" name="I" value="??" />               
       <input type="hidden" name="U" value="??" />               
       <input type="hidden" name="V" value="??" />
       <input type="hidden" name="O" value="??" />
       <input type="hidden" name="D" value="??" />
       <input type="hidden" name="A" value="??" />
       <input type="hidden" name="LOADED" value="YYYY-MM-DD HH:MM:SS" />
       <input type="hidden" id="distil_block_identity_info" name="PB" value="" />
   </div>
</form>

To set up a Custom Block page:

  1. Log in to the Distil Portal.
  2. Search for and select the parent Domain or Account you are configuring.
  3. Select Sign Into Account to access the Domains Dashboard.
  4. Select the specific domain you are configuring.

  5. Click Settings in the top banner menu.

  6. Click Custom Pages, within the Protect your content section.

  7. Enter the page's relative link in the URL for custom block page field.
  8. Click Save.
  9. Test your custom block page before moving your page to production.
  10. When you are ready to push your page to production, select Enabled? and click Save.

Test the live page here: http://www.[yourdomain].com/distil_r_blocked.html.

Creating a Custom Drop Page

A Custom Drop page can be shown as a “hard stop” for any bots attacking your site. Unlike Custom Block and CAPTCHA pages above, there is no need to add additional code to your page. In addition to any content protection settings set to "Drop" within the Distil Portal, your Custom Drop page will also be shown to anyone who triggers an IP, country, or referrer violation. For this reason, we highly recommend allowing your Custom Drop page to be cached by Distil whenever possible.

To set up a Custom Drop page:

  1. Log in to the Distil Portal.
  2. Search for and select the parent Domain or Account you are configuring.
  3. Select Sign Into Account to access the Domains Dashboard.
  4. Select the specific domain you are configuring.

  5. Click Settings in the top banner menu.

  6. Click Custom Pages, within the Protect your content section.

  7. Enter the page's relative link in the URL for custom drop page field.
  8. Click Save.
  9. Test your custom block page before moving your page to production.
  10. When you are ready to push your page to production, select Enabled? and click Save.

Test the live page here: http://www.[yourdomain].com/distil_r_drop.html.

Caching of Custom Threat Response Pages

It's also important to note that the pages fall under the same caching rules as your normal website. If you have pages set to cache, the custom page will be served from cache until it expires.

If the page is not cached or prevents caching, Distil will retrieve it from origin on every bot request that triggers that response. For this reason, we recommend using Cache-Control headers to prevent caching only during testing. Once you've gotten the page looking exactly how you'd like, update the page's Cache-Control headers to allow Distil to cache your new custom pages.

Should these pages become cached and you need to clear them from the Distil cache, you can clear their cache entries using the Distil Portal.

Testing Custom Threat Response Pages

Before going live with your custom pages, it's important that you test them to make sure they have a look and feel in line with your website. Whether you've enabled your custom pages live or not, you can test them at the following example URLs:

Block page

http://www.[yourdomain].com/distil/dev/block.html

CAPTCHA page

http://www.[yourdomain].com/distil/dev/captcha.html

Drop page

http://www.[yourdomain].com/distil/dev/drop.html


As with any change within the Distil system, it can take up to five minutes for these testing URLs to begin showing your updated Custom Threat Response Pages.

Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request

Comments