GCP Access Attempts Violating IAP Access Controls

Panther Rules

Summary
This detection rule monitors Google Cloud Platform (GCP) access attempts that violate Identity-Aware Proxy (IAP) access controls. It flags unauthorized access attempts that result in a 403 Forbidden status, meaning IAP blocked the request because the caller lacked valid credentials or sufficient permissions. It also tracks attempts that result in a 302 Redirect; this is not a strict violation, but it may indicate that IAP redirected the client because authentication was required.

The detection relies on HTTP load balancer logs, which record the details of each incoming request: remote IP address, request method, URL, response status and more. The rule inspects the response code: 403 signifies a blocked request and triggers an alert, while 302 indicates a redirect that may not require action but is still logged for monitoring purposes.

The rule operates within a defined threshold: if a certain number of violations occur within a specified timeframe (1 violation within 60 minutes), an alert is generated. This makes it an essential part of security monitoring in GCP environments that use IAP.
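The logic described above, written as an added Panther-style rule example (this is not Panther's published rule). It assumes the GCP HTTP load balancer LogEntry field layout (`httpRequest.status`, `httpRequest.remoteIp`, `httpRequest.requestMethod`, `httpRequest.requestUrl`) and uses the `jsonPayload.statusDetails` value `handled_by_identity_aware_proxy` as the marker that IAP, not the backend, produced the response; the sample entries are constructed.

```python
# Constructed sample GCP HTTP load balancer log entries (not real traffic).
SAMPLE_EVENTS = [
    {"httpRequest": {"status": 403, "remoteIp": "203.0.113.10",
                     "requestMethod": "GET", "requestUrl": "https://app.example.com/admin"},
     "jsonPayload": {"statusDetails": "handled_by_identity_aware_proxy"}},
    {"httpRequest": {"status": 302, "remoteIp": "198.51.100.7",
                     "requestMethod": "GET", "requestUrl": "https://app.example.com/"},
     "jsonPayload": {"statusDetails": "handled_by_identity_aware_proxy"}},
    # A 403 produced by the backend itself, not by IAP: out of scope for this rule.
    {"httpRequest": {"status": 403, "remoteIp": "192.0.2.5",
                     "requestMethod": "POST", "requestUrl": "https://app.example.com/api"},
     "jsonPayload": {"statusDetails": "response_sent_by_backend"}},
]

IAP_STATUS_DETAIL = "handled_by_identity_aware_proxy"  # assumed marker that IAP answered

def deep_get(event, *path, default=None):
    """Walk nested dict keys; return default if any step is missing."""
    cur = event
    for key in path:
        if not isinstance(cur, dict) or key not in cur:
            return default
        cur = cur[key]
    return cur

def rule(event):
    """Match only responses IAP itself produced with a 403 (blocked) or 302 (auth redirect)."""
    if deep_get(event, "jsonPayload", "statusDetails") != IAP_STATUS_DETAIL:
        return False
    return deep_get(event, "httpRequest", "status") in (403, 302)

def severity(event):
    """403 is a blocked request worth alerting on; 302 is kept at INFO for monitoring only."""
    return "MEDIUM" if deep_get(event, "httpRequest", "status") == 403 else "INFO"

def title(event):
    req = event.get("httpRequest", {})
    return (f"IAP {req.get('status')} for {req.get('requestMethod')} "
            f"{req.get('requestUrl')} from {req.get('remoteIp')}")

def dedup(event):
    """Group repeated hits from one source to one URL so they share an alert window."""
    return f"{deep_get(event, 'httpRequest', 'remoteIp')}:{deep_get(event, 'httpRequest', 'requestUrl')}"

def evaluate(events):
    """Run the rule over a batch and return (title, severity) for each match."""
    return [(title(e), severity(e)) for e in events if rule(e)]
```

The 1-violation threshold and 60-minute window are rule metadata in Panther rather than Python logic; `dedup` supplies the key those settings group on.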
Categories
  • Cloud
  • GCP
Data Sources
  • Cloud Service
  • Logon Session
  • Network Traffic
Created: 2023-03-13