For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

john4665f5's avatar
john4665f5
Icon for Nimbostratus rankNimbostratus
Apr 26, 2016

Default HTTP/HTTPS monitor acceptable HTTP status codes?

Hello,

 

I've been digging through F5's LTM documentation, but I am not able to find anything solid on the default acceptable HTTP/HTTPS monitor status codes. What is the LTM expecting back using the default HTTP/HTTPS monitors from the servers residing in a pool or directly associated with the node?

 

Thank you, John

 

application delivery
LTM

8 Replies

  • Theo_12742's avatar
    Theo_12742
    Icon for Cirrus rankCirrus
    Apr 26, 2016

    While it's not well documented, the HTTP monitor will accept any response (including 302's). However, you can control this behavior by using RegEx in the Receive String. For example, I use the following (and use HTTP >= 1.0):

     

    ^HTTP.1\.[0|1]\s([2|3][0-9][0-9])

    Which marks the monitor as up for any HTTP code 200-399.

     

    • john4665f5's avatar
      john4665f5
      Icon for Nimbostratus rankNimbostratus
      Apr 26, 2016
      Hello Theo, Thank you for the response. I've tested a 302 response and the node was marked down, but a 301 works just fine. I didn't get a chance to look further into like the bigd debugs, but I wonder if it was because the response was "302 Found" instead of a typical 302 temporary redirect. Just to clarify the reason for this question is not how to make the node available, I can modify the send/recv strings in a child monitor to pass the host header, 302, etc. and mark it up, but just curious as to what the default expected responses are. Thank you, John
    • Theo_12742's avatar
      Theo_12742
      Icon for Cirrus rankCirrus
      Apr 26, 2016
      If that's the case, then I'll point you to the LTM monitors reference (https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/ltm-monitors-reference-11-5-0/3.htmlunique_475041279): "Note: If you do not specify both a Send String and a Receive String, the monitor performs a simple service check and connect only."
    • john4665f5's avatar
      john4665f5
      Icon for Nimbostratus rankNimbostratus
      Apr 26, 2016
      Hello Theo, The default http monitor has a send string configured by default, so there is a send string, but no "recv" string. Based on that documentation the http monitor check is essentially a TCP monitor. Maybe I should contact F5 directly to find this answer. Thank you, John
  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 26, 2016

    At a minimum the default HTTP monitor send string is too simple. Change it to the following more specific string and you should see a difference:

    GET /redir.php HTTP/1.1\r\nHost: foo\r\n\r\n

    Obviously change the URI as required.

  • Kevin_Stewart's avatar
    Kevin_Stewart
    Icon for Employee rankEmployee
    Apr 26, 2016

    Take a look at these references:

     

    https://support.f5.com/kb/en-us/solutions/public/11000/300/sol11359.html?sr=53330875

     

    https://support.f5.com/kb/en-us/solutions/public/3000/200/sol3224.html

     

    And most important: https://support.f5.com/kb/en-us/products/lc_9_x/manuals/product/lc-monitors-reference-11-6-0/1.html?sr=53331011

     

    You can also use the default null Receive String value [""]. In this case, any content retrieved is considered a match. If both the Send String and Receive String fields are left empty, only a simple connection check is performed.