About agent response codes
Last updated 2024-08-28
Agent response codes indicate the Next-Gen WAF agent's decision to allow or block requests to your web application. Specifically, the 200 agent response code indicates the request should be allowed and agent response codes greater than or equal to 301 indicate the request should be blocked.
You can view the agent response code for an individual request by navigating to the request details page in the Next-Gen WAF control panel or the Request details page in the Fastly control panel for that request.
How agent response codes and HTTP status codes work
When a request is made to your web application, the Next-Gen WAF agent evaluates the request against your active rules and site alerts (also known as workspace alerts) to determine what should happen to the request (e.g., allow or block). Based on the decision, the agent assigns the request an agent response code. The agent sends this code along with the request details to the appropriate entity for your deployment method.
The entity then continues processing the request and sends the requesting client the appropriate HTTP status code. Due to internal business logic, the entity may return a HTTP status code that differs from the agent response code. For example, a request may have a 200 agent response code but a 302 HTTP status code if the entity contains additional logical.
Types of agent response codes
There are two types of agent response codes:
- Custom agent response codes (blocking response codes): codes greater than or equal to 301. These codes indicate a request should be blocked. By default, blocked requests receive a 406 agent response code. However, you can change this default behavior.
- System agent response codes: codes that indicate the request should be allowed or that the request wasn't processed correctly.
Notable agent response codes
Notable agent response codes include:
| Agent response code | Description |
|---|---|
| -2 | Indicates the request wasn't processed correctly. For information on how to troubleshoot this response code, visit our Troubleshooting agent response codes guide. |
| -1 | Indicates the request wasn't processed correctly. For information on how to troubleshoot this response code, visit Troubleshooting agent response codes. |
| 0 | Indicates the request wasn't processed correctly. For information on how to troubleshoot this response code, visit our Troubleshooting agent response codes guide. |
| 200 | Indicates the request should be allowed. This is similar to an HTTP 200 OK response. |
| 301 | Indicates the request should be redirected. Visit Using redirect custom response codes to learn more. |
| 302 | Indicates the request should be redirected. Visit Using redirect custom response codes to learn more. |
| 406 | Indicates the request should be blocked (similar to an HTTP 406 NOT ACCEPTABLE response). By default, all blocked requests return a 406. You can update the default blocking response code from 406 to an alternative custom response code and create rules with a block action to return a specific custom response codes. |
| 499 | Indicates the client closed the connection mid-request. For information on how to troubleshoot this timeout error, visit our Troubleshooting agent response codes guide. |
| 504 | Indicates the gateway did not receive a response from the user’s upstream origin in the allotted time specified. For information on how to troubleshoot this timeout error, visit our Troubleshooting agent response codes guide. |
Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
