Forum Discussion

wowchens
Nov 18, 2008

HTTP Monitor Question

Hello: I have an issue with the HTTP monitor on my LTM with one of the servers. Well, it's actually not a server, it's a Citrix Access Gateway, a hardware box. When I set my pool with the HTTP monitor, it's not able to see that it's UP. What the CAG does is, for any request on HTTP, it sends a 301 response with an HTTPS redirect and closes the connection. This is normal behavior. I am not sure how to tweak my monitor to work with this. Here is the raw output that I captured for a simple GET / transaction with the IE browser (Fiddler). I have seen this in the past with RSA ClearTrust protected websites but I got around those by using a test page and excluding that from CT protection. Any help is greatly appreciated.

GET / HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
UA-CPU: x86
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727; InfoPath.1; MS-RTC LM 8; MS-RTC EA 2)
Host: 172.18.6.21
Proxy-Connection: Keep-Alive

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Connection: close
Accept-Ranges: none
Location: https://172.18.6.21:443/
Content-Length: 0

Thanks,
Chenna

 

5 Replies

  • Hi Chenna,

    What do you have the receive string set to when the pool member is being marked down? If you want to consider the redirect a valid response, you could set the receive string to "301 moved". bigd parses the full response including the headers looking for the receive string.

    Aaron
  • Hey Aaron: Thanks for the reply. I changed the response string to the same, still no luck. Although I figured if I do GET / HTTP/1.1\r\n it started working. I guess it's required to specify the carriage return and the end to mark the end of the request header.

    Anyway, I am all set. Thank you!!
  • HTTP v1.1 requires a Host header even if the value is empty. It would also be good to tell the server that LTM won't re-use the connection using Connection: close.

    GET / HTTP/1.1\r\nHost: \r\nConnection: Close\r\n

    It would also be good to set some kind of receive string (like 200 OK or 301 Moved) to ensure that the pool member won't be marked up if it's returning 500 level error codes.

    Aaron
  • That's a good point, but most of our stuff is IIS based, which will always throw a 401 response for the first request unless Anonymous authentication is used. Another option for the monitor to be more effective is to have a custom monitor for every web app. If there is a way where we can specify multiple receive strings with an OR operator, that would be nice. Then we can give all response codes except 500 and LTM will mark the member down when it's 500. Not sure if this is possible.
  • Maybe you could define a generic basic auth account on each web server for monitoring from the BIG-IP? You could then configure the send string with an auth header.

    You can't configure multiple send strings in the same monitor, but you can add multiple monitors to a pool. You can set a minimum number of checks so theoretically you can add three monitors and set it so the pool member is marked up if it responds to X number of monitors.

    You can also add a monitor which will mark the member down if there is a 500 in the response. You can do this by setting the receive string to 500 - internal server error and enabling the 'reverse' option (mark the member down if the receive string is found in the response).

    I think the first option would be the most effective and add the lowest load on LTM and the servers.

    Aaron
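
Added example, not part of any post in this thread and not F5 code: an offline Python model of the receive-string options discussed above (several monitors with a minimum-up count, and a 'reverse' monitor for 500 responses). The class and function names, the constructed 401/500/200 sample responses, and the case-insensitive substring match are assumptions of the model.

```python
from dataclasses import dataclass

# Constructed sample responses; CAG_301 mirrors the capture in the first post.
CAG_301 = (b"HTTP/1.1 301 Moved Permanently\r\nConnection: close\r\n"
           b"Location: https://172.18.6.21:443/\r\nContent-Length: 0\r\n\r\n")
IIS_401 = b"HTTP/1.1 401 Unauthorized\r\nContent-Length: 0\r\n\r\n"
ERR_500 = b"HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\n\r\n"
OK_LEN500 = b"HTTP/1.1 200 OK\r\nContent-Length: 500\r\n\r\n" + b"x" * 500


@dataclass
class Monitor:
    receive: str
    reverse: bool = False  # reverse: finding the string marks the member down

    def passes(self, raw: bytes) -> bool:
        # Search status line, headers and body alike, as the thread describes.
        # Case-insensitive matching is an assumption of this model.
        found = self.receive.lower() in raw.decode("latin-1").lower()
        return not found if self.reverse else found


def member_up(monitors, raw, min_up=None):
    """Up when at least min_up monitors pass (default: every monitor)."""
    passed = sum(m.passes(raw) for m in monitors)
    return passed >= (len(monitors) if min_up is None else min_up)


def status_table(monitors, min_up):
    """Evaluate the monitor set against each constructed sample response."""
    samples = {"301": CAG_301, "401": IIS_401, "500": ERR_500, "200": OK_LEN500}
    return {code: member_up(monitors, raw, min_up) for code, raw in samples.items()}


# Emulates "receive string A OR B OR C" with three monitors and min_up=1.
ANY_OF = [Monitor("200 OK"), Monitor("301 Moved"), Monitor("401 Unauthorized")]
NO_500 = Monitor("500 Internal Server Error", reverse=True)
LOOSE_500 = Monitor("500", reverse=True)  # too short: also hits "Content-Length: 500"

if __name__ == "__main__":
    print(status_table(ANY_OF, min_up=1))
    print("reverse monitor on a 500:", NO_500.passes(ERR_500))
    print("bare '500' on a healthy 200:", LOOSE_500.passes(OK_LEN500))
```

Because the whole response is searched, a reverse receive string of just "500" fails a healthy 200 response whose Content-Length happens to be 500; including the reason phrase avoids that.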