HTTP 403 with Irule

this is mine.

[root@ve10:Active] config  b virtual bar443 list
virtual bar443 {
   snat automap
   pool foo
   destination 172.28.19.252:443
   ip protocol 6
   rules myrule
   profiles {
      clientssl {
         clientside
      }
      http {}
      serverssl {
         serverside
      }
      tcp {}
   }
}
[root@ve10:Active] config  b rule myrule list
rule myrule {
   when HTTP_REQUEST {
   if { ([HTTP::host] equals "domain.com") and (not [class match [IP::client_addr] equals group ]) } {
      HTTP::respond 403
   }
}
}
[root@ve10:Active] config  b class group list
class group {
   host 172.28.19.251
}

 client is 172.28.19.253

[root@ve10:Active] config  curl -Ik https://172.28.19.252 -H "Host: domain.com"
HTTP/1.0 403 Forbidden
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

 client is 172.28.19.251

[root@centos251 ~] curl -Ik https://172.28.19.252 -H "Host: domain.com"
HTTP/1.1 200 OK
Date: Tue, 15 Jan 2013 08:32:55 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 27 Oct 2012 03:22:35 GMT
ETag: "4183f3-59-f28f94c0"
Accept-Ranges: bytes
Content-Length: 89
Content-Type: text/html; charset=UTF-8

odd, just looking at this your settings appear the same, ie the VS having SNAT etc etc...

 

 

Im seeing this

 

 

[root@monty ~] curl -ILk https://test.com

 

curl: (52) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

 

 

Any Ideas ?

 

would you mind posting your virtual server configuration? have you got the error when not having the irule?

 

 

tmsh list ltm virtual (name)

 

tmsh list ltm pool (name)

 

tmsh list ltm profile client-ssl (name)

 

tmsh list ltm profile server-ssl (name)