Forum Discussion

DonJR_214047's avatar
DonJR_214047
Icon for Nimbostratus rankNimbostratus
Nov 19, 2015

Help constructing a gtm monitor with a working curl statement

Hi,

 

First, thank you in advance for any assistance with this. This is my first post to DevCentral. I should add we are running 11.5.3 HF2.

 

I am trying to figure out how to use a gtm monitor for the following curl statement against an https URL.

 

curl-apd -k -v --resolve webmail.corp.com:443:10.1.1.1 "https://webmail.corp.com/CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=1"

 

The issue that we have is resolution for host webmail.corp.com returns an external IP, but we want to monitor the above url using an internal IP, reachable from the gtm. Thus the --resolve parameter on the curl statement. I figured once I got a working curl statement the rest would be easy but that has not been the case with this particular monitor.

 

Cheers!

 

Don

 

application delivery
BIG-IP
eav
gtm
LTM

8 Replies

Sort By
  • Brad_Parker_139's avatar
    Brad_Parker_139
    Icon for Nacreous rankNacreous
    Nov 19, 2015

    When you are creating your HTTPS monitor you can use the Alias Address field to put in your internal address that you want your monitor to test.

     

    • Brad_Parker_139's avatar
      Brad_Parker_139
      Icon for Nacreous rankNacreous
      Nov 19, 2015
      Send String "GET /CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=1 HTTP/1.1\r\nHost: webmail.corp.com" Receive String "HTTP/1.1 200 OK" Alias Address 10.1.1.1
  • Brad_Parker's avatar
    Brad_Parker
    Icon for Cirrus rankCirrus
    Nov 19, 2015

    When you are creating your HTTPS monitor you can use the Alias Address field to put in your internal address that you want your monitor to test.

     

    • Brad_Parker's avatar
      Brad_Parker
      Icon for Cirrus rankCirrus
      Nov 19, 2015
      Send String "GET /CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=1 HTTP/1.1\r\nHost: webmail.corp.com" Receive String "HTTP/1.1 200 OK" Alias Address 10.1.1.1
  • DonJR_214047's avatar
    DonJR_214047
    Icon for Nimbostratus rankNimbostratus
    Nov 19, 2015

    Hi Brad,

     

    Thank you for the quick reply. We have tried that, and the issue is that the cert on the server is set up for subject of DNS: webmail.corp.com which does not resolve to 10.1.1.1. Thus the server rejects the URI, and lets us know 10.1.1.1 is not a valid host name.

     

    This situation is sort of like an SNI monitor but not entirely. I have tried using the EAV SNI monitors on Dev Central but can't format them appropriately for this particular URI. One of the issues is escaping out the & which I just placed the entire URL in quotes but you can also place the & in single quotes '&'. I need to not only be able to specify SNI, Response, and URI, but the Node and port as well.

     

    A side from writing my own EAV for this, I was hoping a standard https monitor could be manipulated to work.

     

    I'm at a loss on how to construct this appropriately.

     

    Cheers,

     

    Don

     

    • Brad_Parker's avatar
      Brad_Parker
      Icon for Cirrus rankCirrus
      Nov 19, 2015
      Have you done a tcpdump of the monitor to prove your theory? The monitor about does not send 10.1.1.1 as the host header. The host header is in the end string. Are you saying your server requires SNI? That's a different story.
  • DonJR_214047's avatar
    DonJR_214047
    Icon for Nimbostratus rankNimbostratus
    Nov 19, 2015

    Hi,

     

    I overlooked testing my original GET statement with the updated URI and testing with openssl, it works! It always helps to have a second set of eyes, and I appreciate the help. For anyone else in this situation. Used the https monitor with alias address and port of the internal IP. (10.1.1.1) Then used the below send string looking for a 200 OK response.

     

    GET /CookieAuth.dll?GetLogon?curl=Z2F&reason=0&formdir=1 HTTP/1.1\r\nUser-Agent: Mozilla/4.0\r\nHost: webmail.corp.com\r\n\r\n

     

    Cheers!

     

    Don