Forum Discussion
NimbostratusIssue with iRule and display of Block page
Working on a change to an iRule that I have had in place for a brute force attack against a forgot username and password portal. I am now running into issues due to code changes within the application. I was able to launch a blocked page when the user violated the rules. The issue is that they have changed the application and now it uses a java applet for the work. The rules still operate as expected and I am able to block per the rules but now the block page no longer presents itself due to the page not being refreshed. The java applet just puts a warning on the same screen for failures. I need to find a way that I can force the browser to refresh its page when the violation occurs. I have currently tried HTTP:redirect as well as the traditional rendering of the block page straight out of the iRule.
Suggestions are welcome and appreciated.
1 Reply
Michael_JenkinsCirrostratus
From my experience with Java applets and trying to do redirects, I don't know that it's possible unless the functionality is built into the applet to accept a 30x level response.
If you are more concerned about the brute-force attack than the redirect, you could just drop or reject the request when it violates the rules so you don't get unnecessary authentication attempts on your auth server.
See Drop, Discard, Reject for more details on those commands (Drop and Discard are basically the same command. Reject is a little bit different).
