Forum Discussion

Altocumulus

Apr 27, 2021

iRule to deny not working as expected (http 403 response not working)

So, we have been using iRules for many years to manage whitelisting of application access based on incoming source IP and strings in URL. When the request doesn't match, an HTTP 403 response is sent ...

Altocumulus

Apr 27, 2021

Hi Sanjay, thanks for the reply. I tried it, did not work, same response as before even with using content in the syntax.

spalande

Nacreous

Apr 27, 2021

Can you modify iRule to below and test again?

when HTTP_REQUEST {
    if { ([class match [string tolower [HTTP::uri]] contains "XYZ_Strings"]) and !([class match [IP::remote_addr] equals "ABC_IPs"]) } {
  HTTP::respond 403 content "You don't have authorization to view this page. Access Denied" noserver Content-Type text/html Connection Close Cache-Control no-cache
return
	}
}

also, do you have any other iRule on the VIP that's conflicting here?

If this still doesn't work for you, you might want to log a case with F5 support. Meanwhile, you can enable some logging in iRule, capture the tcpdump and ssldump to analyse it.

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)