Zuke
Aug 21, 2019

Generic Host HTTPS monitor

I'm attempting to set up a pool with two HTTPS web applications. The pool members are generic hosts listening on 443 and not behind an LTM.

When I assign the built-in HTTPS pool, both pool members respond without issue. However, when I create a custom monitor where I expect a 200 OK response, the pool members are marked offline.

(I tested in my LTM lab environment using the same configuration with the custom HTTPS monitor, and the pool members were successful.)

Here are the LTM and GTM monitors, respectively:

ltm monitor https https_get_monitor {
  adaptive disabled
  cipherlist DEFAULT:+SHA:+3DES:+kEDH
  compatibility enabled
  defaults-from https
  description stuff
  destination *:*
  interval 30
  ip-dscp 0
  recv "HTTP/1.(0|1) (1|2|3|4)"
  recv-disable none
  send "GET / HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n"
  time-until-up 0
  timeout 91
}
 
 
 
gtm monitor https https_get_monitor {
  cipherlist DEFAULT:+SHA:+3DES:+kEDH
  compatibility enabled
  defaults-from https
  destination *:*
  interval 30
  probe-timeout 5
  recv "HTTP/1.(0|1) (1|2|3|4)"
  send "GET / HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n"
  timeout 120
}
  • Hello Zuke.

    To set a custom HTTPS monitor with a specific host header, you can set 3 different https monitors:

    ltm monitor https https_1 {
        adaptive disabled
        defaults-from https
        destination *:*
        interval 5
        ip-dscp 0
        recv 200\sOK
        recv-disable none
        send "GET / HTTP/1.1\r\nHost: myapp1.domain.com\r\nConnection: Close\r\n\r\n"
        time-until-up 0
        timeout 16
    }
     
    ltm monitor https https_2 {
        adaptive disabled
        defaults-from https
        destination *:*
        interval 5
        ip-dscp 0
        recv 200\sOK
        recv-disable none
        send "GET / HTTP/1.1\r\nHost: myapp2.domain.com\r\nConnection: Close\r\n\r\n"
        time-until-up 0
        timeout 16
    }
     
    ltm monitor https https_3 {
        adaptive disabled
        defaults-from https
        destination *:*
        interval 5
        ip-dscp 0
        recv 200\sOK
        recv-disable none
        send "GET / HTTP/1.1\r\nHost: myapp3.domain.com\r\nConnection: Close\r\n\r\n"
        time-until-up 0
        timeout 16
    }

    And finally, configure the pool to be considered UP if at least one of them is OK (including all the monitors in the list):

    ltm pool mypool {
      members {
        172.16.20.1:https {
          address 172.16.20.1
          session monitor-enabled
          state up
        }
        172.16.20.2:https {
          address 172.16.20.2
          session monitor-enabled
          state up
        }
        172.16.20.3:https {
          address 172.16.20.3
          session monitor-enabled
          state up
        }
      }
      monitor min 1 of { https_1 https_2 https_3 }
    }

    BTW, use "200\sOK" as the received string.

    REF - https://support.f5.com/csp/article/K5917

    Let me know if this is helpful.

    KR,

    Dario.
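
Added example, not part of either post and not F5 code: it parses the send and recv strings of the two monitors in this thread and reports which Host header each one sends and which responses each recv pattern accepts. Python's `re` module stands in for the monitor's pattern matching, which is an assumption, and the stanzas and server replies are constructed samples.

```python
import re

# The send/recv pairs from the thread, copied into constructed stanzas.
QUESTION_MONITOR = r'''ltm monitor https https_get_monitor {
  recv "HTTP/1.(0|1) (1|2|3|4)"
  send "GET / HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n"
}'''
ANSWER_MONITOR = r'''ltm monitor https https_1 {
    recv 200\sOK
    send "GET / HTTP/1.1\r\nHost: myapp1.domain.com\r\nConnection: Close\r\n\r\n"
}'''

# Constructed server replies (status line plus minimal headers).
RESPONSES = {
    200: "HTTP/1.1 200 OK\r\nContent-Length: 2\r\n\r\nok",
    400: "HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n\r\n",
    503: "HTTP/1.1 503 Service Unavailable\r\nContent-Length: 0\r\n\r\n",
}

def parse_monitor(stanza):
    """Return the send and recv values of one monitor stanza, quotes stripped."""
    fields = {}
    for line in stanza.splitlines():
        m = re.match(r'\s*(send|recv)\s+(.*\S)\s*$', line)
        if m:
            value = m.group(2)
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            fields[m.group(1)] = value
    return fields

def host_header(stanza):
    """Host value the send string puts on the wire ('' if empty, None if absent)."""
    send = parse_monitor(stanza)["send"]
    wire = send.replace(r'\r', '\r').replace(r'\n', '\n')  # expand literal escapes
    for line in wire.split('\r\n')[1:]:
        name, sep, value = line.partition(':')
        if sep and name.strip().lower() == 'host':
            return value.strip()
    return None

def verdicts(stanza):
    """Map each constructed status code to whether the recv pattern matches it."""
    recv = parse_monitor(stanza)["recv"]
    return {code: re.search(recv, body) is not None for code, body in RESPONSES.items()}

if __name__ == "__main__":
    for name, stanza in (("question", QUESTION_MONITOR), ("answer", ANSWER_MONITOR)):
        print(name, repr(host_header(stanza)), verdicts(stanza))
```

The question's recv pattern matches any 1xx to 4xx status line, while `200\sOK` matches only a 200 OK reply.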