For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

henrykay_123_28's avatar
henrykay_123_28
Icon for Nimbostratus rankNimbostratus
Oct 19, 2016

http monitor with credential

hi all,

 

after searching through, i can't seems to find something that is related to this. it points me to the sol guide but seems like i am still cant get the f5 health monitor to log in and get authenticated to get the 200 ok.

 

this is the send string that i send in the health monitor GET /WebOAS/OasCommon/Views/MainMenu.aspx?inst_code=SG HTTP/1.1\r\n \r\nConnection: Close\r\n\r\n

 

the return string 200 OK

 

this is the curl command and the output curl -Is --ntlm --user 'domain\username' : 'P@ssw0rd' http://10.236.176.26/WebOAS/OasCommon/Views/MainMenu.aspx?inst_code=SG

 

HTTP/1.1 401 Unauthorized Content-Length: 341 Content-Type: text/html; charset=us-ascii Server: Microsoft-HTTPAPI/2.0 WWW-Authenticate: NTLM TlRMTVNTUAACAAAABQAFADgAAAAGgokCON9RPQHP2RYAAAAAAAAAALgAuAA9AAAABgOAJQAAAA9TSFNFUwIACgBTAEgAUwBFAFMAAQAaAFMARwBIAE8AQQBTAFYAUABXAEUAQgAwADEABAAgAHMAaABzAGUAcwAuAHMAaABzAC4AYwBvAG0ALgBzAGcAAwA8AFMARwBIAE8AQQBTAFYAUABXAEUAQgAwADEALgBzAGgAcwBlAHMALgBzAGgAcwAuAGMAbwBtAC4AcwBnAAUAFABzAGgAcwAuAGMAbwBtAC4AcwBnAAcACABgPehc3SnSAQAAAAA= Date: Wed, 19 Oct 2016 07:49:47 GMT

 

HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache,no-cache Content-Length: 1302 Content-Type: text/html; charset=utf-8 Expires: -1 Server: Microsoft-IIS/8.5 X-AspNet-Version: 2.0.50727 Set-Cookie: ASP.NET_SessionId=50ff5f45jrkz5eezs3oiyeq0; path=/; HttpOnly Persistent-Auth: true X-Powered-By: ASP.NET Date: Wed, 19 Oct 2016 07:49:51 GMT

 

when i tried a telnet 10.236.176.26 80 and issue the GET /WebOAS/OasCommon/Views/MainMenu.aspx?inst_code=SG

 

i received an unauthorised access. invalid credential.

 

am i doing something wrong??

 

application delivery
LTM

2 Replies

  • Jinshu's avatar
    Jinshu
    Icon for Cirrus rankCirrus
    Oct 19, 2016

    You will have two options to solve this issue i think.

    1. You can use the existing http monitor (

      GET /WebOAS/OasCommon/Views/MainMenu.aspx?inst_code=SG HTTP/1.1\r\n \r\nConnection: Close\r\n\r\n) and change the response code from 200 OK to 401.

       

    2. Use an external monitor to use

      curl -Is --ntlm --user 'domain\username' : 'P@ssw0rd' http://10.236.176.26/WebOAS/OasCommon/Views/MainMenu.aspx?inst_code=SG as health monitor.

       

    -Jinshu

     

  • Andy_McGrath's avatar
    Andy_McGrath
    Icon for Cumulonimbus rankCumulonimbus
    Oct 19, 2016

    What TMOS version are you running?

     

    11.1.0 - 11.3.0 has a bug sol13821: HTTP monitors may fail when NTLM authentication is required

     

    I also agree with Jinshu's approach of using an external monitor and personally I use for almost all HTTP/HTTPS monitors that need NTML authentication.

     

    The only thing I would say is watch your backend servers as you could end up with a lot of open authenticated sessions on the servers. If this is an issue write an external monitor that closes the authenticated session after performing its checks.