For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

bmohanak_276891's avatar
bmohanak_276891
Icon for Cirrus rankCirrus
Nov 15, 2016

https monitor failing on receive string

Dear Folks,

 

I am trying to setup an https monitor where we have the send and receive string, when debugging the output using curl, this is the output

 

< HTTP/1.1 302 Found < Date: Tue, 15 Nov 2016 21:42:33 GMT < Server: Oracle-HTTP-Server-11g < Set-Cookie: OAMAuthnHintCookie=0@1479246153; httponly; secure; path=/; domain=.39.xx < Set-Cookie: OAMRequestContext_10.1.xx.xx:7787_636955=ciUK05ji8Qknb5+cXIq4Ng==;max-age=300; httponly; secure; path=/ < Location: http://taxap.internal.xyz.com:14100/oam/server/obrareq.cgi?encquery%3DKPByGkU9KLBSD5H1HJlzqtSbDnItoYPgXasC2r4o%2B7AaABNDFXn24eKXASBAqR%2FWZXYN4qhUCFNrrjType1TN11%2B2%2FEL3MIkTEd6C%2BhT4r3JUKHe14CDvpVlL3Rx1ip3JtFeNlHu9hMiufirSmK2yzZXImzcBE5%2F5DYBoyijrgtfG92HQEKduHcHIqdwUW02sBMNBj05gGQSpIUi%2FcSo0lolua7KKFPKCDag4bmhSt%2BSgGYfOsUIVUE1dcjAbKXS2El50UbINjAb36q4G1R8UENvJzzG1ZXRyEvCKCxWZNAOcFT4P1aJmmRZS8MQxtlr1RYb3IYFoHM2hKkI0Hltzw%3D%3D%20agentid%3Dstg2_agent_lsa02%20ver%3D1%20crmethod%3D2&ECID-Context=1.005GLrLV6%5EyCgo1_zt%5EAyW0001Xx0000%5EN%3BkXjE < Content-Length: 783 < Content-Type: text/html; charset=iso-8859-1 < //DTD HTML 2.0; 302 Found

 

 

Found

The requested resource has been temporarily moved here.

 

* Connection 0 to host 10.1.xx.xx left intact * Closing connection 0 * SSLv3, TLS alert, Client hello (1):

 

But when I try to access the string directly from the server, I get the required string https://taxap.internal.xyz.com:7787 GET string: /public/HealthCheck.htm Receive String: Welcome!

 

I don't know why the difference is. Can somebody help, Every time I put the receive string the monitor, the monitor fails.

 

LTM
security

8 Replies

  • David_Stout's avatar
    David_Stout
    Icon for Nimbostratus rankNimbostratus
    Nov 16, 2016

    Does your send string look something like this and include the Host header ?

    GET /public/HealthCheck.htm HTTP/1.1\r\nHost: taxap.internal.xyz.com\r\n\r\n

    From what's listed above it looks like the F5 is calling the site by it's IP address and not it's actual hostname so it would give a different result than a browser.

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Nov 16, 2016

    Hi,

    In your curl response, there is no "Welcome" string.

    so, the monitor result is correct.

    can you try with following curl command:

    curl -k -v https://taxap.internal.xyz.com:7787/public/HealthCheck.htm --resolve taxap.internal.xyz.com:7787:10.1.39.xx

    on F5 curl command does not support --resolve. you must use curl-apd instead of curl:

    curl-apd -k -v https://taxap.internal.xyz.com:7787/public/HealthCheck.htm --resolve taxap.internal.xyz.com:7787:10.1.39.xx

    if it works, the monitor must be:

    GET /public/HealthCheck.htm HTTP/1.1\r\nHost: taxap.internal.xyz.com:7787\r\n\r\n
  • ekaleido's avatar
    ekaleido
    Icon for Cirrus rankCirrus
    Nov 16, 2016

    The response is coming from the server, not the F5. So when you get a 302 and there is no mention anywhere of "Welcome!" the health check will fail because the Receive String is not being matched.

     

    Perhaps your send string should actually check against the URI you are being redirected to?

     

    • bmohanak_276891's avatar
      bmohanak_276891
      Icon for Cirrus rankCirrus
      Nov 17, 2016

      Okay Sorry, I am not sure if I understand this.

       

      The "https" monitor is set to receive the "Welcome!" String from the Server and both the servers in the Pool when accessed directly gives me that string but F5 is not.

       

    • ekaleido's avatar
      ekaleido
      Icon for Cirrus rankCirrus
      Nov 17, 2016

      No. When you go direct to the server you get a 302 redirect from the server, as evidenced by the curl output above. But as an end user you do not see that, you just see a page render that says "Welcome!"

       

      But what really happens is the response (and where the receive string will be judged) is a 302 redirect. That is where you would have to match the "Welcome!" string.

       

      Does that clear it up for you?

       

  • ekaleido_26616's avatar
    ekaleido_26616
    Icon for Cirrocumulus rankCirrocumulus
    Nov 16, 2016

    The response is coming from the server, not the F5. So when you get a 302 and there is no mention anywhere of "Welcome!" the health check will fail because the Receive String is not being matched.

     

    Perhaps your send string should actually check against the URI you are being redirected to?

     

    • bmohanak_276891's avatar
      bmohanak_276891
      Icon for Cirrus rankCirrus
      Nov 17, 2016

      Okay Sorry, I am not sure if I understand this.

       

      The "https" monitor is set to receive the "Welcome!" String from the Server and both the servers in the Pool when accessed directly gives me that string but F5 is not.

       

    • ekaleido_26616's avatar
      ekaleido_26616
      Icon for Cirrocumulus rankCirrocumulus
      Nov 17, 2016

      No. When you go direct to the server you get a 302 redirect from the server, as evidenced by the curl output above. But as an end user you do not see that, you just see a page render that says "Welcome!"

       

      But what really happens is the response (and where the receive string will be judged) is a 302 redirect. That is where you would have to match the "Welcome!" string.

       

      Does that clear it up for you?