You can use the following macros in the block page text:
%DATE%—Date and time of the event.
%APPLICATION%—Name of the application.
%BUILD%—Application build number.
%SERVER_NAME%—Name of the computer on which the HTTP request was processed.
%TYPE%—Type of HTTP message (Request or Response).
%METHOD%—HTTP message method.
%RULE_NAME%—Name of the traffic processing rule that caused the web resource to be blocked.
%THREAT%—Name of the detected malicious object.
%CURED_LIST%—List of threats that were disinfected.
%SCAN_RESULT%—Type of detected threat that poses the most threat among all threats detected in the specific object.
For example, if a virus and a phishing link are detected (av_status="detected" and ap_status="detected") in one object, the virus will be indicated as the value of the macro.
%CATEGORY%—Category of the processed web resource based on its content theme.
%PROCESSING_TIME%—Duration of HTTP message processing.
%WORKSPACE_NAME%—Name of the workspace associated with the processed traffic.
%USER_NAME%—Name of the user account that is the source of the HTTP request.
%USER_AGENT%—Application on the user's computer that initiated the HTTP request (User Agent).
%CLIENT_IP%—IP address of the computer from which the HTTP request was sent.
%URL%—Web address of the forbidden website.
%MIME_TYPE%—MIME type of the HTTP message and its parts.