

avnishvyas_1974
Apr 17, 2015

Custom Health Monitor issue partially working, What's missing?

Hello people. I am having some trouble with a custom health monitor whereby I'm not getting the correct response from the Server even though my Health Monitor is checking out green.

 

Can anyone see what's wrong? I have been focusing on the return string below but I keep seeing the same results despite whatever I change. Any suggestions would be most welcomed.

 

    b monitor HTTP_80_80s_PlayIQ list
    monitor HTTP_80_80s_PlayIQ {
       defaults from http
       recv "Apache"
       send "GET /oasis-test1/services/playIQService\r\n"
    }

 

I have tried different words for the return string, as the Server can spit back anything but will always contain the word Apache. However, when we do a GET from the F5 from a telnet on port 80 I get the following message:

 

    telnet 172.24.172.86 80
    Trying 172.24.172.86...
    Connected to 172.24.172.86 (172.24.172.86).
    Escape character is '^]'.
    GET /
    http://www.w3.org/1999/xhtml1-strict.dtd"> http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

    Connection closed by foreign host.

 

From the Server I have issued a -curl command and can see that the request is not completing successfully.

    /postercurl -v --cert ccpostertestcer01.pem --key ccpostertestkey01.pem --cacert /home/venus/dds/test/ddscr/SVRSecureG3.pem '/services/playIQService/v1/slots?$filter=panelId%20eq%20159859'

 

    * About to connect() to xxxxxx.com port 443 (0)
    * Trying x.x.x.x... connected
    * successfully set certificate verify locations:
    * CAfile: /home/venus/dds/test/ddscr/SVRSecureG3.pem
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Request CERT (13):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS handshake, CERT verify (15):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSL connection using RC4-SHA
    * Server certificate:
    * subject: C=US; ST=Texas; L=San Antonio; O=xxxxx xxxxxx Communications; OU=Terms of use at www.verisign.com/rpa (c)05; CN=*.
    * start date: 2014-04-28 00:00:00 GMT
    * expire date: 2017-05-27 23:59:59 GMT
    * subjectAltName: xxxxxxx.com matched
    * issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3
    * SSL certificate verify ok.

    GET / HTTP/1.1
    User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
    Host: xxxx.xxxx.com
    Accept: */*

    * SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
    * Closing connection 0

4 Replies

  • Just a guess but are you using virtual hosting? If so make sure your test request includes a Host: header or it will return unexpected results.

    In your telnet session type the following, it will not echo back to you so be careful. means press enter a blank line. Replace www.webpage.com with your site name.

    GET / HTTP/1.1
    Host: www.webpage.com
    
    
    
  • Hi there Kevin. This is not a virtual host; this is a physical box which is already running other web URL services. They have added another service. I have tried your command but I'm not getting anything back. It seems the request just hangs there and eventually closes.

     

    [ukcci1avy@EDC-1600-F5-2:Active] log telnet 172.24.172.86 80
    Trying 172.24.172.86...
    Connected to 172.24.172.86 (172.24.172.86).
    Escape character is '^]'.
    GET / HTTP/1.1
    Host.com
    Connection closed by foreign host.

     

    • Kevin_Davies_40
      Is the curl being done from the same F5 to the same port and IP as the pool member?
    • avnishvyas_1974
      Hi Kevin. No, the -curl command is being issued by the back-end server, which is the same server all the requests will be going to. Anyway, I have decided to drop the custom health monitor and use the standard HTTP monitor, which is working fine. See output below following the -curl command.

      venus@venusdr:~/posterscope$ curl -v --cert ccpostertestcer01.pem --key ccpostertestkey01.pem --cacert /home/venus/dds/test/ddscr/SVRSecureG3.pem 'https://playiqtest.clearchannel.com/services/playIQService/v1/slots?$filter=panelId%20eq%20159859'
      * About to connect() to xxxxxxxxxxxx.com port 443 (0)
      * Trying aa.bb.cc.dd... connected
      * successfully set certificate verify locations:
      * CAfile: /home/venus/dds/test/ddscr/SVRSecureG3.pem
        CApath: /etc/ssl/certs
      * SSLv3, TLS handshake, Client hello (1):
      * SSLv3, TLS handshake, Server hello (2):
      * SSLv3, TLS handshake, CERT (11):
      * SSLv3, TLS handshake, Request CERT (13):
      * SSLv3, TLS handshake, Server finished (14):
      * SSLv3, TLS handshake, CERT (11):
      * SSLv3, TLS handshake, Client key exchange (16):
      * SSLv3, TLS handshake, CERT verify (15):
      * SSLv3, TLS change cipher, Client hello (1):
      * SSLv3, TLS handshake, Finished (20):
      * SSLv3, TLS change cipher, Client hello (1):
      * SSLv3, TLS handshake, Finished (20):
      * SSL connection using RC4-SHA
      * Server certificate:
      * subject: C=US; ST=Texas; L=San Antonio; O=Clear Channel Communications; OU=Terms of use at www.verisign.com/rpa (c)05; CN=*.xxxxxxxx.com
      * start date: 2014-04-28 00:00:00 GMT
      * expire date: 2017-05-27 23:59:59 GMT
      * subjectAltName: xxxxxx.xxxxxxx.com matched
      * issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network; OU=Terms of use at https://www.verisign.com/rpa (c)10; CN=VeriSign Class 3 Secure Server CA - G3
      * SSL certificate verify ok.
      > GET /services/playIQService/v1/slots?$filter=panelId%20eq%20159859 HTTP/1.1
      > User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
      > Host: playiqtest.clearchannel.com
      > Accept: */*
      >
      < HTTP/1.1 200 OK
      < Server: Apache-Coyote/1.1
      < Date: Fri, 17 Apr 2015 14:20:36 GMT
      < Content-Type: application/json
      < Content-Length: 661
      <
      * Connection 0 to host playiqtest.clearchannel.com left intact
      * Closing connection 0
      * SSLv3, TLS alert, Client hello (1):
      {"slotList":{"skip":0,"top":1,"size":1,"slots":{"slot":{"panelId":159859,"validFrom":13102011,"validTo":"09122014","district":"0107","districtName":"CAMDEN","contractor":"014","siteNo":"0085","panelNo":"03 ","size":"RD6","sizeDescription":"ROADSIDE DIGITAL SIX SHEET","format":"RD6","address":"Finchley Road o\/s Frognal Stn N\/O Lythos Road","postcode":"NW3 6EP ","latitude":51.55033143939,"longitude":"-0.18313050270","tvArea":"CARLTON","conurbation":"GREATER LONDON","product":17,"productName":"DIGITAL ROADSIDE","type":"DIGITAL SHELTER","position":"Inside","siteType":"Roadside","frameId":1234841813,"href":"\/services\/playIQService\/v1\/slots\/159859"}}}}venus@venusdr:~/posterscope$
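
An added illustration of the situation in this thread, a monitor that shows green while the service is not answering correctly. It is not code from any poster and not F5's monitor implementation. It assumes the receive string is applied as a substring match over the raw response, headers included; the sample responses and the host name `app.example.test` are constructed.

```python
# Added example: models a substring-style health check against constructed responses.

def build_send_string(path, host):
    """HTTP/1.1 probe with an explicit Host header and Connection: close."""
    return (f"GET {path} HTTP/1.1\r\n"
            f"Host: {host}\r\n"
            "Connection: close\r\n\r\n")

def loose_check(raw, recv):
    """Substring match over the whole raw response (headers + body)."""
    return recv.encode() in raw

def strict_check(raw, body_marker):
    """Up only if the status line is 200 and the marker is in the body."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        return False                       # no complete header block received
    parts = head.split(b"\r\n", 1)[0].split(b" ", 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/"):
        return False
    return parts[1] == b"200" and body_marker.encode() in body

# Constructed sample responses (not captured from the servers in the thread)
HEALTHY = (b"HTTP/1.1 200 OK\r\nServer: Apache-Coyote/1.1\r\n"
           b"Content-Type: application/json\r\n\r\n"
           b'{"slotList":{"skip":0,"top":1,"size":1}}')
BROKEN = (b"HTTP/1.1 404 Not Found\r\nServer: Apache-Coyote/1.1\r\n"
          b"Content-Type: text/html\r\n\r\n"
          b"<html><body>Not Found</body></html>")
TRUNCATED = b"HTTP/1.1 200 OK\r\nServer: Apache-Coy"

def evaluate():
    """Return {name: (loose verdict, strict verdict)} for each sample."""
    out = {}
    for name, raw in (("healthy", HEALTHY), ("broken", BROKEN),
                      ("truncated", TRUNCATED)):
        out[name] = (loose_check(raw, "Apache"),
                     strict_check(raw, '"slotList"'))
    return out

if __name__ == "__main__":
    # Hypothetical host name; the path is the one requested in the thread.
    print(build_send_string("/services/playIQService/v1/slots",
                            "app.example.test"), end="")
    for name, (loose, strict) in evaluate().items():
        print(f"{name:9s} loose={loose} strict={strict}")
```

The loose match on "Apache" is satisfied by the `Server:` header alone, so the 404 and the truncated reply both count as up; the strict check accepts only the 200 response whose body carries the expected marker.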