Forum Discussion
Tom_Bortels_112
Nimbostratus
Nimbostratusreject not rejecting?
I have to be missing something simple here... setting up a new irule to do a simple whitelist. Here's the whole thing (stolen shamelessly from somewhere else on DevCentral):
when HTTP_REQUEST {
...
nitass_89166
Noctilucent
Noctilucentthe irule is executing, but the "reject" isn't seemingly rejecting. I tried "discard" and "drop", same behavior.
can you try CLIENT_ACCEPTED instead of HTTP_REQUEST?
HTTP::respond gave me back an error about HTTP or ICAP profiles that I can't seem to find any docs on.
have you assigned http profile to the virtual server?
Tom_Bortels_112Nimbostratus
NimbostratusCLIENT_ACCEPTED has the same behavior - it logs that the connection is denied, but I still get back the content to the client.
The virtual server profile is "fasthttp" - the only one visible in the dropdown. Here's the actual config (slightly censored):
ltm virtual /Common/test {
description "test for bortels"
destination /Common/63.xx.xx.xx:80
ip-protocol tcp
mask 255.255.255.255
pool /Common/testweb
profiles {
/Common/fasthttp { }
}
rules {
/Common/trusted_ips_only
}
source 0.0.0.0/0
translate-address enabled
translate-port enabled
}
