# Differences between REJECT Policies Surge has built-in multiple different REJECT policies, with some subtle differences between them: * `REJECT`: Rejects the request; when the connection type is HTTP, an error page will be returned. (This behavior can be controlled by the `show-error-page-for-reject` parameter) * `REJECT-TINYGIF`: Rejects the request; when the connection type is HTTP, it returns a 1px GIF image response. If the connection is of other types, it is disconnected directly. This policy is mainly used for Web ad blocking. * `REJECT-DROP`: Rejects the request; unlike `REJECT`, this policy silently discards the request. Some applications have very aggressive retry logic and will immediately retry when the connection fails, causing a request storm that can waste system resources. {% hint style="info" %} If a large number of requests to a particular hostname trigger the REJECT/REJECT-TINYGIF policy within a short period (the threshold for the current version is 10 times within 30 seconds), Surge will automatically upgrade the REJECT policy to the REJECT-DROP policy. {% endhint %} * `REJECT-NO-DROP`: Generally, it is the same as the `REJECT` policy. The difference is that using this rule will not trigger the automatic upgrade behavior mentioned above. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://kb.nssurge.com/surge-knowledge-base/technotes/reject.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.