Changing 403 to a 302 response based in incoming User-Agent?

Question

We have uncovered an unexpected 'feature' in Microsoft SharePoint that's causing us some problems. Specifically, if SharePoint detects a non-browser client attempting to access a secured page on a site using Forms Authentication, it will return a 403 response rather than the normal 302 redirection to the forms logon page. 
&nbsp;  
&nbsp; The problem is, SharePoint's definition of a non-browser client is anything without 'Mozilla' in the User-Agent string.  And unfortunately, many of the mobile browsers on the market don't send 'Mozilla' anywhere in their UA string. I am wondering if this is something I can take care of in LTM.  If the server is attempting to send a 403 response to the client and if the client's UA string does not contain 'Mozilla', I would like to modify that response to be a 302 redirection to the logon page (/_layouts/login.aspx?ReturnUrl=. 
&nbsp;  
&nbsp; Is there a way I can tie a request coming in that doesn't have Mozilla as the user agent and wait for the response to see if it's a 403 and then do the redirect using an iRule? 
&nbsp;  
&nbsp; DB.

hoolio · Answer

Hi DB, 
&nbsp;  
&nbsp; I think there is an MS hotfix for this.  If that hotfix doesn't look correct, it might be easier to just insert mozilla in the user-agent string if it's not there already.  Or you could implement the logic you've described.  Let us know whether you want some example iRules. 
&nbsp;  
&nbsp; You cannot view a forms-based authentication Windows SharePoint Services 3.0 site if you have Office Live Update 1.2 for Microsoft Office Live Workspace installed  
&nbsp; http://support.microsoft.com/kb/972535/ 
&nbsp;  
&nbsp; Aaron

Forum Discussion

Win Big in Vegas: The iRules Contest is back with $5k on the line at AppWorld 2026

Jürgen - February 2026 Featured Member

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

DNS topology not distributing as expected

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

which virtual server will be hit?

Questions on device trust

Restore configuration to GTM Sync Group device

Related Content

Introduction of Incident Response

F5 NGINX API Gateway: Simplify Response Manipulation

change content type for specific uri in http response

User-Agent Irule to avoid APM policy

custom response page for api

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS