Forum Discussion

andrew_deackes_'s avatar
andrew_deackes_
Icon for Nimbostratus rankNimbostratus
Apr 23, 2015

HTTPS Monitor not working as expected

Hi,

 

I'm having trouble with a HTTPS monitor and was after some advice. The monitor is configured as follows:

 

monitor ars-status-https { defaults from https recv "ServiceUp" send "GET /status.htm HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n" }

 

however it's marking the pool members as down. If I browse to that URL I get the expected response which contains "ServiceUp" string. And if I test from the CLI of the LTM I also see the expected response, for example using curl:

 

time curl -k

ÿþhttp://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

 

ServiceUp

 

 

real 0m0.033s user 0m0.016s sys 0m0.008s

 

So any ideas on why this might be failing? Or suggestions on troubleshooting it further? For now we have got the nodes marked as up using the default iis start page on the health check instead but want to get this working on the service status page.

 

thanks

 

Andy

 

application delivery
availability
LTM
monitor

6 Replies

Sort By
  • What_Lies_Bene1's avatar
    What_Lies_Bene1
    Icon for Cirrostratus rankCirrostratus
    Apr 23, 2015

    You have specified the Host: header in your send string but left it blank; I don't think a blank value is valid in HTTP/1.1.

    Have you tried using the 

    [tmsh] run util test-monitor
    command to test from the CLI?

    Also, use 

    curl -v
    and see if curl is providing a Host: value.

  • andrew_deackes_'s avatar
    andrew_deackes_
    Icon for Nimbostratus rankNimbostratus
    Apr 23, 2015

    Hi,

    so with curl -v I can see the host value is provided, see this snippet:

    > GET /status.htm HTTP/1.1
> User-Agent: curl/7.15.5 (i686-redhat-linux-gnu) libcurl/7.15.5 OpenSSL/0.9.8b zlib/1.2.3 libidn/0.6.5
> Host: XXXXXXXXX
> Accept: */*
>
< HTTP/1.1 200 OK
< Content-Type: text/html
< Last-Modified: Thu, 23 Apr 2015 10:32:09 GMT
< Accept-Ranges: bytes
< ETag: "16a183c0b07dd01:0"
< Server: Microsoft-IIS/8.5
< X-Powered-By: ASP.NET
< Date: Thu, 23 Apr 2015 10:32:19 GMT
< Content-Length: 508

    I can't use the tmsh command as we are currently still on a 10.24 release. Command looks useful though and should come in handy once we get upgraded later this year.

    thanks

    Andy

    • What_Lies_Bene1's avatar
      What_Lies_Bene1
      Icon for Cirrostratus rankCirrostratus
      Apr 23, 2015
      OK, cool. So I assume you'll add it to your send string and all will be well?
  • andrew_deackes_'s avatar
    andrew_deackes_
    Icon for Nimbostratus rankNimbostratus
    Apr 23, 2015

    so I've tried specifying the host field in the monitor and no joy. Also treid removing host from the send string and just sending the get:

     

    GET /status.htm

     

    and again no change, still marked as down. :-(

     

  • nitass's avatar
    nitass
    Icon for Employee rankEmployee
    Apr 23, 2015

    can you try tcpdump?

    start tcpdump before assigning monitor to pool. also, you need server's private key to decrypt tcpdump output file.

     tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x and host y.y.y.y and port zzz -v

x.x.x.x is non-floating selfip on pool member vlan
y.y.y.y is pool member ip
zzz is pool member port
  • andrew_deackes_'s avatar
    andrew_deackes_
    Icon for Nimbostratus rankNimbostratus
    Apr 23, 2015

    thanks all, issue was down to bad formatting on the status page, had extraneous full stops:

     

    .<.h.e.a.d.>. . .<.t.i.t.l.e.>.H.T.M.L. .T.A.B.L.E.<./.t.i.t.l.e.>. . .<./.h.e.a.d.>.<.b.o.d.y.>. . .S.e.r.v.i.c.e.U.p. . .<.t.a.b.l.e.>. . .<./.t.a.b.l.e.>. . .<./.b.o.d.y.>.<./.h.t.m.l.>.

     

    once the web team fixed that it is working perfectly.

     

    cheers