Forum Discussion
Cirrusblock any URI with status 404 or 403
MVPHi MustphaBassim,
it is not possible to block a request that will cause a 403 or 404. The BIG-IP can not know the response of the server at request time.
However you can use an iRule to block responses that contain status codes 403 or 404.
Take a look here, there are some examples: https://clouddocs.f5.com/api/irules/HTTP_RESPONSE.html
KR
Daniel
MVPsome solutions
1. respond with HTTP 200
when HTTP_RESPONSE priority 500 {
if { [HTTP::status] == 403 || [HTTP::status] == 404 } {
HTTP::respond 200 -version auto content {<html><head><title>Apologies</title></head><body>Access to this page is currently not possible.</body></html>} noserver
}
}2. respond with HTTP 204
when HTTP_RESPONSE priority 500 {
if { [HTTP::status] == 403 || [HTTP::status] == 404 } {
HTTP::respond 204 -version auto noserver
}
}3. respond with TCP reset
when HTTP_RESPONSE priority 500 {
if { [HTTP::status] == 403 || [HTTP::status] == 404 } {
reject
}
}
Paulius - I think your suggestions won't work with dynamically generated URLs.
- Paulius
Daniel_Wolf you are absolutely correct. Blocking before the server even knows what the request is to respond with a 403 or 404 isn't really something that's possible I don't believe, at least on the initial client request. Your option of modifying the response is the best alternative but still allows the request to make it to the pool member. I think in this instance we really need to know the reason for blocking these requests at the F5 rather than the server so we can come up with the appropriate solution for MustphaBassim but we shall see what they come back with.
