iRule to deny not working as expected (http 403 response not working)
So, we have been using iRules for many years to manage whitelisting of application access based on incoming source IP and strings in URL. When the request doesn't match, an HTTP 403 response is sent to the user. However, after we upgrade our BiG IP from v11.2.1 to v15.0.1, the 403 response is not working. The iRule itself works correctly to allow/deny access to the application, but the response when the request doesn't match is no longer 403 in the browser, it says "Can’t reach this page", which doesn't look clean as a user. Any ideas why the behavior change in the new version?
(Please don't suggest using Network policy etc, it is just too much of a workload to move hundreds of clients to a new configuration) Let me know how the iRule can be fixed to display the 403 response.
Here's the syntax I use -
when HTTP_REQUEST {
if { ([matchclass [string tolower [HTTP::uri]] contains "XYZ_Strings"]) and !([matchclass [IP::remote_addr] equals "ABC_IPs"]) } {
HTTP::respond 403
}
}