I am attempting to set up a health monitor for our mobile banking IIS web servers. I am just attempting to get to the login page, and look for text - like "username" for example.
The GET request seems simple enough, but after duplicating it on the BIG-IP via the command line using CURL, I'm getting a 403 Forbidden error message. This is strange because the page does not require a login to get to it.
Using Fiddler to examine the page through my web browser (which works fine) I'm seeing the following data:
GET /User/MobileAccessSignin/Username//r//n HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36
Here's the CURL command I'm using: (I'm using 184.108.40.206 as the node IP address.)
curl --user-agent "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.116 Safari/537.36" http://220.127.116.11:80/User/MobileAccessSignin/Username
Any assistance would be great!
Thank you, James!
There is a difference in the versions. I'm running 7.50.3 on my workstation and the BIG IP is running 7.19.7.
Would upgrading the version of CURL on the F5 impact how the monitor works? Seems like a 3rd party app. It also seems to be coinciding with the actual functionality of the monitor - when I set the Receive String to an HTTP 403, it behaves as I expect it to (it keeps them in the pool.)
The F5 monitors do not use curl natively. What are you trying to accomplish? Do you want to use the built-in F5 monitor to monitor your webserver?
If so, don't worry about the version of curl, follow the link I posted to try and create a functioning HTTP 1.1 monitor.
In the send string, you'll want something like this:
GET /User/MobileAccessSignin/Username HTTP/1.1\r\nHost: 18.104.22.168\r\nConnection: Close\r\n\r\n
It possibly wants more HTTP1.1 data. See this solution for how to craft an HTTP 1.1 request which could include a Host header. I've seen many servers not take requests unless they were 1.1 and had a Host header.
Thank you for the quick reply!
I've reviewed several commands and gone through several experiments now. Something I'm seeing is that the exact same command from my workstation actually produces the expected results.
For example, the following - when run from the F5 - produces a 403, but when run on my Windows workstation actually produces .html code on screen.
I'm just confused as to what is making the F5 so unique. And, I can confirm that the F5 is seeing the error because when I set the Receive string to be the 403 message, it keeps my test system in the pool.
Again, thank you for your time!
If you're getting the error when just running the CLI curl command on the F5, then you should compare versions of curl to your home machine.
Since curl is a separate program, I can't comment much on that.
Check which version of curl is on the BIG-IP. According to this, https://curl.haxx.se/docs/manpage.html, it started defaulting to HTTP 1.1 in curl 7.33.
Maybe your BIG-IP has an older version?
I'm trying to use the built in HTTP monitor to call the login page and look for certain words on that page - just to ensure that my IIS server is serving up content. We use these health monitors in many places - but there's something unique about this particular one. This is why I'm going down the CURL path - I'm trying to determine exactly what the F5 is seeing - and the evidence is that both the CURL command and the F5 GET commands are seeing a 403 message.
Additionally, when I use the F5 CLI and TELNET to the webserver node in question, then enter the following code, I get the same 403. At least there's consistency.
[root@CLEVP-HLB01:Active:In Sync] log # telnet 22.214.171.124 80
Connected to 126.96.36.199.
Escape character is '^]'.
## THIS IS THE STUFF I ENTERED AT THE CONSOLE##
GET / HTTP/1.1
## PRESSED ENTER TWICE##
HTTP/1.1 403 Forbidden
Date: Tue, 27 Sep 2016 14:23:44 GMT
I am using 11.6.0 HF6 on a 1600 series BIG-IP.
Except, when I run the same TELNET command from my workstation, I get a different result:
HTTP/1.1 200 OK
Last-Modified: Mon, 24 Jun 2013 18:09:24 GMT
Date: Tue, 27 Sep 2016 14:35:59 GMT
<meta http-equiv="refresh" content="0;url=/User">
I'm failing to understand how the telnet command on my workstation can differ from the utils on the F5.
I'm mainly trying to confirm what the F5 is seeing at this point in time.
All the best,
I want to thank you for your time on this issue. I spoke with F5 technical support, and we found the cause. We were able to confirm that the IIS server was in fact the one causing the 403 message - and in fact was blocking the self-IP address of the F5.
What was throwing us off was that a SNAT IP was configured - and as long as the traffic originated from the SNAT IP (i.e. any client that traversed the VIP) - it got to the server node. But if the traffic originated from the self-IP (health monitors, me running stuff from the CLI) then it was blocked by the IIS service. Since my workstation was not in the DENY list, I was able to get to the box just fine from my console.
Hope this helps someone someday.
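An added example, not part of the thread and not F5 or IIS code: the check the thread converges on, sending the monitor-style HTTP/1.1 request from a chosen local source address and reporting the status code and whether the receive string was found. The function names, the stand-in server and its deny list are constructed for illustration; on a real host `source_ip` would be one of that host's own addresses.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

def probe(node_ip, port, path, receive_string, source_ip=None, timeout=5.0):
    """Send a monitor-style GET from source_ip; return (status, receive_string_found)."""
    request = (f"GET {path} HTTP/1.1\r\nHost: {node_ip}\r\n"
               "Connection: Close\r\n\r\n").encode("ascii")
    # The bound source address is what the server's allow/deny rules evaluate.
    source = (source_ip, 0) if source_ip else None
    with socket.create_connection((node_ip, port), timeout, source_address=source) as s:
        s.sendall(request)
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    response = b"".join(chunks).decode("latin-1")
    if not response.startswith("HTTP/"):
        raise ValueError("no HTTP status line in response")
    status = int(response.split("\r\n", 1)[0].split()[1])  # "HTTP/1.1 403 Forbidden" -> 403
    return status, receive_string in response

def start_stand_in_server(denied_sources):
    """Constructed stand-in web server: 403 for denied client IPs, else a login page."""
    class Handler(BaseHTTPRequestHandler):
        def do_GET(self):
            denied = self.client_address[0] in denied_sources
            body = b"Forbidden" if denied else b"<label>username</label>"
            self.send_response(403 if denied else 200)
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    # Constructed scenario: the same request and source, first allowed, then on the deny list.
    for denied in (set(), {"127.0.0.1"}):
        srv = start_stand_in_server(denied)
        print(sorted(denied), probe("127.0.0.1", srv.server_port,
                                    "/User/MobileAccessSignin/Username", "username",
                                    source_ip="127.0.0.1"))
        srv.shutdown()
```

Running the same probe once per local address that can reach the node shows whether the 403 follows the source IP rather than the request itself.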