Need some help with an iRule

I have an iRule that appears to be processing correctly but does not drop my connection when it should. Please help!!

 

 

I have created 2 external data classes and to make this work, I added the US into the blocked_country data class.

 

 

 

when HTTP_REQUEST {

 

Check if country code is a part of the embargoed list

 

log local0.debug "IRule has been triggered"

 

log local0.debug "Connection attempt from country [whereis [IP::client_addr] country]"

 

if { ([class match [whereis [IP::client_addr] country] equals blocked_country]) } {

 

log local0.debug "The [whereis [IP::client_addr] country] is a part of the embargoed list"

 

Country code matched the embargoed list. Check the IP exception list

 

if { ([class match [IP::client_addr] equals ip_exception])} {

 

log local0.debug "[IP::client_addr] Your IP was approved via the exception list"

 

Client IP matched the class, so allow it

 

} else {

 

drop

 

log local0.debug "[IP::client_addr] was NOT approved via the exception list"

 

log local0.debug "Dropping connection" }

 

}

 

else {

 

log local0.debug "[whereis [IP::client_addr] country] Country approved"

 

}

 

}

 

 

This is what it logs:

 

 

 

Mar 8 15:50:36 local/tmm debug tmm[4948]: Rule GEOIP_Final : IRule has been triggered

 

Mar 8 15:50:36 local/tmm debug tmm[4948]: Rule GEOIP_Final : Connection attempt from country US

 

Mar 8 15:50:36 local/tmm debug tmm[4948]: Rule GEOIP_Final : The US is a part of the embargoed country list

 

Mar 8 15:50:36 local/tmm debug tmm[4948]: Rule GEOIP_Final : x.x.x.x was NOT approved via the exception list

 

Mar 8 15:50:36 local/tmm debug tmm[4948]: Rule GEOIP_Final : Dropping connection

 

 

 

And yet, I still get the page that I should not be seeing. What have I got out of place? Should the "drop" be the very last thing?