For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ghost-rider_124's avatar
ghost-rider_124
Icon for Nimbostratus rankNimbostratus
May 13, 2013

http monitor with authentication

Hi Expert   There is one http applicaiton (sharepoint), I created the http montior and put the username/password but it is not working. Through tcpdump, I got that it is saying unathorized. Can an...
config
design
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Jul 27, 2015

Okay, so a few questions:

  1. Are you using an HTTPS monitor?

  2. If you attempt to use cURL with IP and port instead of hostname, does it work?

The next step might be to ssldump on the server side to see what's inside that monitor request and response. For this you'll need to copy the server's SSL private key to the BIG-IP and use the following command:

ssldump -k [path to server's private key] -AdNn -i 0.0 port 443 and host [IP of server]

This should allow you to see inside the SSL traffic between the BIG-IP and server (assuming you're using RSA for key exchange). If you can do this, you should be looking for the client (BIG-IP) GET request, which will probably have a "Basic" Authorization header, followed by a 401 from the server, followed again by another request with an NTLM Authorization header. If the response to that is another 401 or you don't see the second request, then you know it's an auth problem with the monitor.