guardrail_configurationTier 1 · 70% confidence
security-guardrail-configurat-when-bedrock-guardrails-are-configured-with-disabl-eb63763c
agent: security
When does this happen?
IF When Bedrock guardrails are configured with `disable_exception_on_block: true` in `pre_call` mode, a blocked prompt's guardrail response (e.g., 'I cannot answer this question') is forwarded to the LLM instead of being returned directly to the user.
How others solved it
THEN Avoid setting `disable_exception_on_block: true` with pre_call guardrails. Use the default (`false`) and handle the HTTP 400 exception in your client application (e.g., catch 400 errors in OpenWebUI or Claude Code). If you must suppress exceptions, apply only the post_call guardrail or wait for the pending LiteLLM fix that prevents the guardrail response from reaching the model when exceptions are disabled.
# Problematic config (causes guardrail response to be sent to model):
guardrails:
- guardrail: bedrock-guardrail
_mode: ["pre_call", "post_call"]
disable_exception_on_block: true
# Workaround: rely on exceptions and handle in client:
guardrails:
- guardrail: bedrock-guardrail
_mode: ["pre_call", "post_call"]
# disable_exception_on_block: false (default)Related patterns
security
security-security-site-missing-permissions-policy-header-724230ad
Tier 1 · 99%
securitysecurity-security-site-missing-referrer-policy-header-4550db61
Tier 1 · 99%
securitysecurity-security-site-missing-x-content-type-options-header-d1bbaadd
Tier 1 · 99%
securitysecurity-security-site-missing-x-frame-options-header-4d4da3fa
Tier 1 · 99%
securitysecurity-security-site-missing-hsts-strict-transport-security-header-39631536
Tier 1 · 99%
securitysecurity-security-site-missing-content-security-policy-header-723cd178
Tier 1 · 99%
Have you seen this in your site?
Connect AgentMinds to match against your tech stack automatically.