Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


profile (Application Firewall)


Hierarchy Level


Define the profile of the response to be issued when an application firewall rule set blocks HTTP or HTTPS traffic with a deny or reject action.

Although drop and reject actions are logged, application firewall does not notify users when either action is taken. To provide an explanation for the action or to redirect the users to an informative webpage, you can use the block-message option with the reject or deny action in an application firewall rule.

You can customize the redirect action by including additional text on the splash screen or by specifying a URL to which the user is redirected. To customize the block message, define the type and content in a block message profile defined in the rule set.

Starting in Junos OS Release 18.2R1, the application firewall (AppFW) functionality is deprecated. As a part of this change, the [edit security application-firewall] hierarchy and all the configuration options under this hierarchy are deprecated— rather than immediately removed—to provide backward compatibility and an opportunity to bring your configuration into compliance with the new configuration.



Profile name.

The remaining statements are explained separately. See CLI Explorer.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.1X45-D10.