Learn F5 Technologies, Get Answers & Share Community Solutions Join DevCentral

Filter by:
  • Solution
  • Technology
code share

HTTP / HTTPS syntax Monitor check from CLI

Problem this snippet solves:

When creating monitor, we usually check web site availability with curl.

These commands allow to check if HTTP Monitor send string is correct

How to use this snippet:

from F5 cli (not tmsh) run following commands

Monitor HTTP:

SEND_STRING='Monitor String'
(echo -ne $SEND_STRING; cat) | nc 'Pool Member IP' 'Pool member port'

Monitor HTTPS:

SEND_STRING='Monitor String'
(echo -ne $SEND_STRING; cat) | openssl s_client -host 'Pool Member IP' -port 'Pool member port' -quiet

example:

SEND_STRING='GET / HTTP/1.1\r\nHost: www.company.com\r\nConnection: Close\r\n\r\n'
(echo -ne $SEND_STRING; cat) | nc 1.2.3.4 80

SEND_STRING='GET / HTTP/1.1\r\nHost: www.company.com\r\nConnection: Close\r\n\r\n'
(echo -ne $SEND_STRING; cat) | openssl s_client -host 1.2.3.4 -port 443 -quiet
Tested on Version:
11.6
Comments on this Snippet
Comment made 29-Dec-2017 by Amy003 237

I tried running this on 12.1.1, but it did not do anything. Please suggest.

0
Comment made 29-Dec-2017 by Stanislas Piron 10481

Can you provide the command you tried?

0
Comment made 30-Dec-2017 by Amy003 237

(echo -ne "monitor string"; cat) | nc a.b.c.d xyz

a.b.c.d being the ip address of the pool member xyz being the pool member port

0
Comment made 30-Dec-2017 by Stanislas Piron 10481

I asked to check your monitor string ;-)

0
Comment made 06-Aug-2018 by Ajit 167

Hello Stanislas,

I tried the below command but it just shows me SSL errors. Can you assist?


(echo -ne "GET / HTTP/1.1\\r\\nHost: abc.com\\r\\nConnection: Close\\r\\n"; cat) | openssl s_client -connect 1.1.1.1:443 -quiet

47753692343424:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1293:SSL alert number 40 47753692343424:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:

It shows me the above errors after being connected.

Note: I do not have a DNS entry for abc.com in place

Regards,

Ajit

0
Comment made 06-Aug-2018 by Stanislas Piron 10481

Why did you add 2 \ in send string ? did you get it from tmsh which add a second \ in config file?

try this:

(echo -ne "GET / HTTP/1.1\r\nHost: abc.com\r\nConnection: Close\r\n"; cat) | openssl s_client -connect 1.1.1.1:443 -quiet
0
Comment made 06-Aug-2018 by Ajit 167

Same result. I have client MA enabled on 1.1.1.1. What should I do to get past that? Does that matter?

Regards,

Ajit

0
Comment made 10-Aug-2018 by VRI 1

How can I use this command with NTLM authentication? The monitor works in the gui when credentials are specified but I get access denied from CLI.

Thanks,

LM

0
Comment made 4 months ago by Priyanga Kalansuriya 0

Thanks a lot mate! This was a great find!!!

0