Good to hear the rule looks good. You could mark a node down using LB::down (
Click here).
It would be good to also configure a monitor which replicates the login process and expects a non-HTTP 400 in order to mark the node up. You can check the LTM config guide for your version to get examples for configuring the send and receive strings for HTTP monitors.
The advantage to also using a monitor is that the pool members will still be polled even when marked down to see if they're responding again. If you mark the pool member down, you need either a monitor or manual intervention to mark it up again.
Aaron