We are trying to configure an HTTP monitor to monitor a .NET application and mark the member as down if it does not receive the response it expects. The problem is that the first response is a 401 Unauthorized. By putting 401 Unauthorized in the receive string we can cover the service being down, website stopped, or application pool unavailable. However, it does not cover us for when we receive 500 server errors as they are returned after the 401 Unauthorized. Does anyone have a suggestion as to how we can do this using a simple HTTP monitor, or if necessary, an irule/ECV ?

Will the application accept basic authentication? Or does it only use NLTM? If the former, you could include an auth header in the monitor send string. The header name is Authorization and the value should be a base64 encoded user:pass. The send string would be something like: GET /monitor_page.asp\r\nAuthorization: Basic dXNlcjpwYXNz\r\nHost: \r\nConnection: close\r\n If it's NTLM you couldn't use a standard HTTP monitor to authenticate against the application as it requires multiple dynamic HTTP requests to perform the authentication. I think curl supports NTLM auth though, so you could potentially write an external monitor which references curl to do this. Aaron

Here is an example for using curl and NTLM if you do need to use an external monitor: curl --ntlm -k -v -u 'DOMAIN\user:pass' https://www.example.com/login.asp Aaron

Thanks Hoolio, we've tried using your suggestion in conjunction with one of the template scripts we found in devcentral (see below) but we are still unable to get it to work ie. when doing a tcpdump we can see the packets hitting the destination pool member but we keep getting a 401 Unauthorized response. When running the same curl command, with the same logon credentials, locally on the desktop as a test, we get successful communication, ie. curl follows the redirects correctly and eventually receives a 200 OK. We placed the script in the /usr/bin/monitors folder and referenced it in the monitor template via the GUI, specifying the variables "URI = /" and "RECV = HTTP/1.1 200". Using this as the only monitor for the pool, the two members are shown as marked down. Anyone have any ideas ? remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format) IP=`echo ${1} | sed 's/::ffff://'` PORT=${2} PIDFILE="/var/run/`basename ${0}`.${IP}_${PORT}.pid" kill of the last instance of this monitor if hung and log current pid if [ -f $PIDFILE ] then kill -9 `cat $PIDFILE` > /dev/null 2>&1 fi echo "$$" > $PIDFILE send request & check for expected response curl -L -b cookie.txt -c cookie.txt --ntlm -k -v -u domain\username:password http://${IP}:${PORT}${URI} | grep -i "${RECV}" 2>&1 > /dev/null mark node UP if expected response was received if [ $? -eq 0 ] then echo "UP" fi rm -f $PIDFILE exit

What do you see if you call the shell script manually using valid parameters for the script? Aaron

I'm having a similar problem with an external monitor using the script and NTLM. From an SSH login to the LTM I'm able to input my command and watch the "200 OK" response come up after the initial "401 Unauthorized" happens -- the LTM just tries a second time and is successful. My command is like this: curl --ntlm -k -v -u 'MYDOMAIN\USER:' http://SERVER-FQDN/pages/default.aspx -H "Host: SERVER" I had to put the "--ntlm" as just "-ntlm" would keep trying to send the authentication in basic instead. When I used the script, I modified the "HTTP Monitor_c URL_ GET With Host Specific Headers" script with the IP and host name in my situation, and subbed in the curl NTLM command but left the grep portion as written. I added the URI portion and RECV portion to the monitor via the GUI. As soon as I have the RECV portion filled in, the node is marked as down. I end up with the same result no matter if I use the IP of the site or the FQDN. I feel like I'm close to having things work, but would love any input! This is my first stab at an external monitor with NTLM, so it's been a learning experience. Thanks much -- Sam

HTTP Monitor that follows redirects

27 Replies

Dbow_21284
Nimbostratus
Jul 13, 2009
OK well getting better. I realized that there were hard returns and tabs at end of lines 3 and 5 and 11 in my previous post of results.

BUt now I got one last weird one ... so close ... I get unexpected EOF!

[admin@dmzlb1:Active] ~ sh -x /usr/bin/monitors/NTLM_Auth_Intranet 10.10.185.39 80

++ echo 10.10.185.39

++ sed s/::ffff://

+ IP=$'10.10.185.39\r'

+ PORT=$'80\r'

++ basename /usr/bin/monitors/NTLM_Auth_Intranet

+ PIDFILE=$'/var/run/NTLM_Auth_Intranet.10.10.185.39\r_80\r.pid\r'

/usr/bin/monitors/NTLM_Auth_Intranet: line 22: syntax error: unexpected end of file

There is no line 22! And there are no returns or any characters after "exit" on line 21 .... weird!

Its like its expecting something else ....
Dbow_21284
Nimbostratus
Jul 13, 2009
Do you guys use any special scripting development tool?

I am just using Notepad ... should be fine I figured.
Dbow_21284
Nimbostratus
Jul 15, 2009
Anyone have any ideas on the EOF issue?
Dbow_21284
Nimbostratus
Jul 15, 2009
OK I ran another test. If I take the "exit" out of the last line, line 21, I get the same thing, unexpected EOF.

Its like I need something to terminate the script or something. Any ideas?
Dbow_21284
Nimbostratus
Jul 15, 2009
Ok I figured out my issue. It was not working with Notepad. I copied the script over to the LTM using WinSCP and then opened with pico and edited the file. Now it works.

So I should have just used LInux editor to begin with. My noobescence is showing.

Thanks for all the help guys.
hooleylist
Cirrostratus
Jul 16, 2009
That's some good perseverance. I'm glad you got it working and shared the solution.

Aaron
dennypayne
Employee
Jul 16, 2009
Yeah Notepad is usually the worst offender when it comes to mangling Unix-style scripts...

Denny

Forum Discussion

HTTP Monitor that follows redirects

27 Replies

Recent Discussions

F5Access | MacOS Sonoma

Inquiry on F5's Maintenance Mode Feature for Pool Members

BIG-IP Next

GTM Design | LTM+ ASM+GTM on same VM

F5 APM with OIDC Web Duo Prompt

Related Content

Anchor Link Redirect

Health monitor question

F5 BIG-IP Bot Defense - Previous Request and Follow Up Request

url redirect

HTTP Monitor