We are using IPDR which is working perfectly in the sense that its blocking what we are expecting it to block and allowing those things it should allow. What we are baffled with though is why its returning the status code it is to the client (500).
<location path="pathtoblock">
<system.webServer>
<security>
<ipSecurity allowUnlisted="false" denyAction="NotFound" >
<clear/>
<add allowed="true" ipAddress="127.0.0.1" />
<add allowed="true" ipAddress="192.168.1.1" />
</ipSecurity>
</security>
</system.webServer>
</location>
As you can tell from above we are using the denyAction="NotFound". So understandably so we are expecting a 404 error but we are receiving a 500 error and an error message in the browser of "The page cannot be displayed because an internal server error has occurred." I checked the IIS Log:
date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2015-11-18 18:06:25 192.168.1.2 GET /pathtoblock - 443 - 192.168.1.3 Mozilla/5.0+(Windows+NT+6.3;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/46.0.2490.86+Safari/537.36 - 404 503 5 62
Why aren't we receiving a 404 like expected?
