Forum Discussion

NaydenDunkov_27
Jun 22, 2016

External Monitor for checking proxy authentication and Internet access

Hello Experts,

We are load balancing 3 proxy servers and we are trying to construct an external monitor that checks both whether a user can authenticate to the proxy and whether they can access the internet.

So far we've managed to get the following script working when run from the F5 CLI:

    #!/bin/sh
    #
    # (c) Copyright 1996-2007 F5 Networks, Inc.
    #
    # This software is confidential and may contain trade secrets that are the
    # property of F5 Networks, Inc.  No part of the software may be disclosed
    # to other parties without the express written consent of F5 Networks, Inc.
    # It is against the law to copy the software.  No part of the software may
    # be reproduced, transmitted, or distributed in any form or by any means,
    # electronic or mechanical, including photocopying, recording, or information
    # storage and retrieval systems, for any purpose without the express written
    # permission of F5 Networks, Inc.  Our services are only available for legal
    # users of the program, for instance in the event that we extend our services
    # by offering the updating of files via the Internet.
    #
    # @(#) $Id: http_monitor_cURL+GET,v 1.0 2007/06/28 16:10:15 deb Exp $
    # (based on sample_monitor,v 1.3 2005/02/04 18:47:17 saxon)
    #
    # these arguments supplied automatically for all external monitors:
    # $1 = IP (IPv6 notation. IPv4 addresses are passed in the form
    #                         ::ffff:w.x.y.z
    #                         where "w.x.y.z" is the IPv4 address)
    # $2 = port (decimal, host byte order)
    #
    # Additional command line arguments ($3 and higher) may be specified in the monitor template
    # This example does not expect any additional command line arguments
    #
    # Name/Value pairs may also be specified in the monitor template
    # This example expects the following Name/Value pairs:
    #  URI  = the URI to request from the server
    #  RECV = the expected response (not case sensitive)
    #
    # remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
    IP=`echo ${1} | sed 's/::ffff://'`
    PORT=${2}
    PIDFILE="/var/run/`basename ${0}`.${IP}_${PORT}.pid"
    # kill of the last instance of this monitor if hung and log current pid
    if [ -f $PIDFILE ]
    then
       echo "EAV exceeded runtime needed to kill ${IP}:${PORT}" | logger -p local0.error
       kill -9 `cat $PIDFILE` > /dev/null 2>&1
    fi
    echo "$$" > $PIDFILE

    # send request & check for expected response

    STATUS=`curl -s -o /dev/null -w '%{http_code}' -H 'Cache-Control: no-cache' http://www.google.com --proxy $IP:$PORT -U username@ourdomain:strongpassword --proxy-ntlm`

    if [ "$STATUS" -eq "200" ]
    then
       rm -f $PIDFILE
       echo "UP"
    else
       rm -f $PIDFILE
       echo "DOWN"
    fi

    exit

Here I have substituted the username, domain name and the password for obvious reasons.

Currently the username has no access to google.com (this is how it should be since it is not allowed access on the proxy) and when executed in CLI the script returns DOWN, as the http_code is 403 - Forbidden.

ANYWAY, in the WEB interface it shows all nodes green, which should not be the case.

Any help is much appreciated.

Regards, Nayden
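
An added example, not part of the original post or of F5's sample script: BIG-IP marks a pool member up whenever an external monitor writes anything to stdout and down only when it writes nothing, so the failure branch has to stay silent. The sketch keeps the post's curl check, prints `UP` only on a 200, and reads the proxy credentials from a curl config file so they stay out of the process list; `CRED_FILE` and its path, `TEST_URL` and the function names are assumptions.

```sh
#!/bin/sh
# Added example, not the poster's or F5's code.
# BIG-IP external monitor contract: any stdout output => member up, no output => down.
# Assumption: CRED_FILE (hypothetical path, mode 0600) is a curl config file holding
#   proxy-user = "username@ourdomain:strongpassword"
CRED_FILE=${CRED_FILE:-/config/monitors/proxy-check.curlrc}
TEST_URL=${TEST_URL:-http://www.google.com}

# Print the HTTP status obtained through proxy $1:$2 ("000" when curl gets no response).
probe_status() {
    curl -s -o /dev/null -w '%{http_code}' -m 10 \
         -H 'Cache-Control: no-cache' \
         -K "$CRED_FILE" --proxy-ntlm --proxy "$1:$2" "$TEST_URL"
}

# Print "UP" for a 200 and nothing at all for every other status.
verdict() {
    if [ "$1" = "200" ]; then echo "UP"; fi
    return 0
}

monitor() {
    ip=$(echo "$1" | sed 's/::ffff://')   # strip the IPv4-mapped prefix LTM passes
    port=$2
    pidfile="/var/run/$(basename "$0").${ip}_${port}.pid"
    if [ -f "$pidfile" ]; then            # previous run hung: log it and kill it
        echo "EAV exceeded runtime needed to kill ${ip}:${port}" | logger -p local0.error
        kill -9 "$(cat "$pidfile")" >/dev/null 2>&1
    fi
    echo "$$" > "$pidfile"
    status=$(probe_status "$ip" "$port")
    rm -f "$pidfile"
    verdict "$status"                     # 403, 407, 000 ... all stay silent
}

# Run only when LTM (or an operator) supplies the IP and port arguments.
if [ "$#" -ge 2 ]; then monitor "$@"; fi
```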

2 Replies

  • Can you please paste your pool config as returned by "tmsh list pool ?"
  • Hello all,

    We managed to get things done with a simple HTTP monitor.

    GET HTTP://www.google.com. HTTP/1.1\r\n Proxy-Authorization: Basic  \r\nHost: www.google.com.sg\r\nAccept: /\r\n
    

    And expecting

    HTTP/1.1 200 OK
    

    Cheers, Nayden