Forum Discussion

Dbow_21284's avatar
Dbow_21284
Icon for Nimbostratus rankNimbostratus
Nov 06, 2009

HTTP Authentication Monitor - Two Steps Needed Though

Hello

I have an old CF application that is still heavily used and the application developers have no time to rework the site. I want to load balance the site and create a monitor that will look at http://something.mydomain.com/whatsup.cfm which returns a "1-UP".

ISSUE: The way the site was coded, you cannot go directly to that page with login. No matter what URI you enter, you get a login and after you authenticate the site always takes you back to http://something.mydomain.com/index.cfm. I have used external monitors in the past which work great so I have experience with using that with http auth and testing for string. AN example of ones I am using are: 

curl -L -v --user 'loser:password' http://${IP}:${PORT}/_layouts/ACCApplications/CommonLogin/login.aspx?ReturnUrl=%2fwhatsup.aspx -H "Host: something.mydomain.org" | grep -i "1-UP"

So my question is ... how can I tweak this. Can I have two curl statements?

1) First statement accesses http://something.mydomain.com/index.cfm and logins

2) Step 2 goes to /whatsup.cfm after authentication using same connection and grep test for "1-UP"?

I couldnt find any examples of this in this forums. OR ... is there another way to do this. I tried this and I get a "HTTP/1.1 302 Moved Temporarily" error when putting /whatsup.cfm directly in a single curl statement becuase of redirecting back to the /index.cfm. So I need to some home step this through.

Look forward to feedback. I have never not had an issue resolved in this place. Thanks

Dbow
management
monitoring
  • hoolio's avatar
    hoolio
    Icon for Cirrostratus rankCirrostratus
    Nov 09, 2009
    It's a bit odd that the app won't accept basic auth credentials in the first request to the page you want to check status with. Can you post the full output from curl using the -v flag for verbose output for the two requests which do work?

     

     

    I'd expect you should be able to do this with one request. If so, you could use a stock HTTP monitor instead of an external monitor which calls curl. The inbuilt monitor would be more efficient than an external one.

     

     

    Aaron
  • Dbow_21284's avatar
    Dbow_21284
    Icon for Nimbostratus rankNimbostratus
    Nov 09, 2009
    Will do .. here it goes. The one thing I can say is the its Cold Fusion and it redirects even in IE and Firefox this way. Here goes the verbose log:

     

     

     
 [root@RDLB1:Active] monitors  sh -x /usr/bin/monitors/AUTH_ACCEMENTOR 10.50.10.51 80 
 ++ echo 10.50.10.51 
 ++ sed s/::ffff:// 
 + IP=10.50.10.51 
 + PORT=80 
 ++ basename /usr/bin/monitors/AUTH_ACCEMENTOR 
 + PIDFILE=/var/run/AUTH_ACCEMENTOR.10.50.10.51_80.pid 
 + '[' -f /var/run/AUTH_ACCEMENTOR.10.50.10.51_80.pid ']' 
 + echo 25288 
 + curl -L -v --user LUSER:password http://10.50.10.51:80/whatsup.cfm -H 'Host: something.domain.org' 
 + grep -i 1-UP 
 * About to connect() to 10.50.10.51:80 
 * Connected to 10.50.10.51 (10.50.10.51) port 80 
 > GET /whatsup.cfm HTTP/1.1 
 Authorization: Basic ZGRlbmJvdzpiYWJ5cmVuMQ== 
 User-Agent: curl/7.10.6 (i686-redhat-linux-gnu) libcurl/7.10.6 OpenSSL/0.9.7l ipv6 zlib/1.1.4 
 Pragma: no-cache 
 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* 
 Host: something.domain.org 
  
 < HTTP/1.1 302 Moved Temporarily 
 < Connection: close 
 < Date: Mon, 09 Nov 2009 18:14:21 GMT 
 < Server: Microsoft-IIS/6.0 
 < X-Powered-By: ASP.NET 
 < Set-Cookie: CFID=21249275;expires=Wed, 02-Nov-2039 18:14:21 GMT;path=/ 
 < Set-Cookie: CFTOKEN=40629952;expires=Wed, 02-Nov-2039 18:14:21 GMT;path=/ 
 < Set-Cookie: CFID=21249275;path=/ 
 < Set-Cookie: CFTOKEN=40629952;path=/ 
 < location: index.cfm 
 < Content-Type: text/html; charset=UTF-8 
   % Total    % Received % Xferd  Average Speed          Time             Curr. 
                                  Dload  Upload Total    Current  Left    Speed 
   0     0    0     0    0     0      0      0 --:--:--  0:00:00 --:--:--     0 
 * Closing connection 0 
 * Issue another request to this URL: 'http://10.50.10.51:80/index.cfm' 
 * About to connect() to 10.50.10.51:80 
 * Connected to 10.50.10.51 (10.50.10.51) port 80 
 > GET /index.cfm HTTP/1.1 
 Authorization: Basic ZGRlbmJvdzpiYWJ5cmVuMQ== 
 User-Agent: curl/7.10.6 (i686-redhat-linux-gnu) libcurl/7.10.6 OpenSSL/0.9.7l ipv6 zlib/1.1.4 
 Pragma: no-cache 
 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, */* 
 Cookie: CFTOKEN=40629952; CFID=21249275 
 Host: something.domain.org 
  
 < HTTP/1.1 200 OK 
 < Connection: close 
 < Date: Mon, 09 Nov 2009 18:14:21 GMT 
 < Server: Microsoft-IIS/6.0 
 < X-Powered-By: ASP.NET 
 < Set-Cookie: CFID=21249275;path=/ 
 < Set-Cookie: CFTOKEN=40629952;path=/ 
 < Content-Language: en-US 
 < Content-Type: text/html; charset=UTF-8 
 100 22100    0 22100    0     0  33233      0 --:--:--  0:00:00 --:--:-- 33083 
 * Closing connection 0 
 + '[' 1 -eq 0 ']' 
 + rm -f /var/run/AUTH_ACCEMENTOR.10.50.10.51_80.pid 
 + exit

     

     

    And here is my script below. The site doesnt accept format http://username:password@something.domain.org ... something with this old code. I am getting to the point where I am going to tell them to recode ... but if we could figure it out, that would be awesome.

     

     

     
 !/bin/sh 
  remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format) 
 IP=`echo ${1} | sed 's/::ffff://'` 
  IP=${1} 
 PORT=${2} 
 PIDFILE="/var/run/`basename ${0}`.${IP}_${PORT}.pid" 
  kill of the last instance of this monitor if hung and log current pid 
 if [ -f $PIDFILE ] 
 then 
 kill -9 `cat $PIDFILE` > /dev/null 2>&1 
 fi 
 echo "$$" > $PIDFILE 
  send request & check for expected response 
 curl -L -v --user 'LUSER:password' http://${IP}:${PORT}/whatsup.cfm -H "Host: something.domain.org" | grep -i "1-UP" 2>&1 > /dev/null 
  mark node UP if expected response was received 
 if [ $? -eq 0 ] 
 then 
 echo "UP" 
 fi 
 rm -f $PIDFILE 
 exit

     

     

    Thanks