Forum Discussion
block any URI with status 404 or 403
Hi MustphaBassim,
it is not possible to block a request that will cause a 403 or 404. The BIG-IP can not know the response of the server at request time.
However you can use an iRule to block responses that contain status codes 403 or 404.
Take a look here, there are some examples: https://clouddocs.f5.com/api/irules/HTTP_RESPONSE.html
KR
Daniel
- Daniel_WolfMar 25, 2024MVP
some solutions
1. respond with HTTP 200
when HTTP_RESPONSE priority 500 { if { [HTTP::status] == 403 || [HTTP::status] == 404 } { HTTP::respond 200 -version auto content {<html><head><title>Apologies</title></head><body>Access to this page is currently not possible.</body></html>} noserver } }
2. respond with HTTP 204
when HTTP_RESPONSE priority 500 { if { [HTTP::status] == 403 || [HTTP::status] == 404 } { HTTP::respond 204 -version auto noserver } }
3. respond with TCP reset
when HTTP_RESPONSE priority 500 { if { [HTTP::status] == 403 || [HTTP::status] == 404 } { reject } }
Paulius - I think your suggestions won't work with dynamically generated URLs.
- PauliusMar 26, 2024MVP
Daniel_Wolf you are absolutely correct. Blocking before the server even knows what the request is to respond with a 403 or 404 isn't really something that's possible I don't believe, at least on the initial client request. Your option of modifying the response is the best alternative but still allows the request to make it to the pool member. I think in this instance we really need to know the reason for blocking these requests at the F5 rather than the server so we can come up with the appropriate solution for MustphaBassim but we shall see what they come back with.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com