Provide an option to block with response code HTTP 403 (Forbidden) rather than 200 (OK) #38
Description
The response code 200 usually indicates a good result. A response of 403 is used to indicate a bad result, typically saying that access is forbidden. There is a good chance that some attack scripts will terminate when they see a 403 response so that the attack process will stop. I suggest that 403 be the default response with an option of falling back to 200. (I expect there are rare cases where an automated scan of web server log files prefers to see 200.)