FredrikP
Aug 08, 2018

Issue with external monitor using curl on ntlm site

I need to create a monitor for our SharePoint environment.

I first tried with the built-in HTTPS monitor, but it gave a 401 error. After some investigation it seems there is an issue if the service is using NTLM and I was recommended to use an external monitor.

With the information I found here I created the following script:

#!/bin/sh

# This script expects the following Name/Value pairs:
#  URI  = the URI to check
#  USER = username
#  PASSWORD = password
#  RECV = the expected response (case sensitive)
# remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
IP=`echo ${1} | sed 's/::ffff://'`
PORT=${2}

PIDFILE="/var/run/`basename ${0}`.${IP}_${PORT}.pid"
# kill off the last instance of this monitor if hung and log current pid
if [ -f "$PIDFILE" ]
then
  echo "EAV exceeded runtime needed to kill ${IP}:${PORT} $PIDFILE" | logger -p local0.error
  kill -9 `cat "$PIDFILE"` > /dev/null 2>&1
fi
echo "$$" > "$PIDFILE"
# send request and check for expected response
# (stdout is redirected before stderr so that both output streams of grep are discarded)
if [ "$PORT" -eq 443 ]
then
  curl -kfNS --ntlm --user "${USER}:${PASSWORD}" "https://${IP}${URI}" | grep "${RECV}" > /dev/null 2>&1
else
  curl -kfNS --ntlm --user "${USER}:${PASSWORD}" "http://${IP}:${PORT}${URI}" | grep "${RECV}" > /dev/null 2>&1
fi

# mark node UP if expected response was received
if [ $? -eq 0 ]
then
  # Remove the PID file
  rm -f "$PIDFILE"
  echo "UP"
else
  # Remove the PID file
  rm -f "$PIDFILE"
fi
exit

Currently I am only using 443, so it will only use the first curl command, but I wanted it to be able to handle both, and I had some issues when I tried to use the second command.

The curl command works fine from the F5 cli and if I use "run /util test-monitor intranet_sharepoint_monitor_ext address 10.xxx.xxx.xxx port 443" from tmsh it correctly marks the nodes as up or down.

If I do the test from the LTM Monitor I get "No successful responses received before deadline" when I try it on the SharePoint that uses NTLM; if I try it on another SharePoint that doesn't use NTLM, it works fine.

Why would it work with the test-monitor command but not with the actual monitor in the GUI, shouldn't they be the same?!

Anyone have any suggestions on what I could do to solve this?

I have checked that it doesn't contain any Windows characters, and I have checked that the file located in /config/filestore/files_d/Common_d/external_monitor_d/ has the correct permissions.

1 Reply

  • eneR

    Are the variables like uri, ntlm user/pass and receive string correctly configured in the monitor settings?
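The check suggested in the reply above can also be made from inside the script, so a missing variable shows up in the log instead of as a silent timeout. This is an added example, not part of the original thread: the function names are hypothetical, while URI, USER, PASSWORD and RECV are the variables the posted script expects. It also passes the NTLM credentials to curl on stdin rather than on the command line, where they would be visible in the process list.

```shell
#!/bin/sh
# Added example: helper functions for an external monitor like the one posted.
# Function names are hypothetical; URI, USER, PASSWORD and RECV are the
# variables the posted script expects from the monitor configuration.

# Print the names of expected variables that are empty or unset.
# USER is also set by most login shells, so a non-empty USER does not by
# itself prove the value came from the monitor settings.
missing_vars() {
  missing=""
  for name in URI USER PASSWORD RECV; do
    eval "value=\${$name:-}"
    [ -n "$value" ] || missing="${missing}${missing:+ }${name}"
  done
  printf '%s' "$missing"
}

# Build the URL the way the posted script does: strip the ::ffff: prefix and
# use https on port 443, http with an explicit port otherwise.
monitor_url() {
  ip=$(printf '%s' "$1" | sed 's/^::ffff://')
  if [ "$2" -eq 443 ]; then
    printf 'https://%s%s' "$ip" "$3"
  else
    printf 'http://%s:%s%s' "$ip" "$2" "$3"
  fi
}

# Emit a curl config for "curl --config -", so the credentials are read from
# stdin instead of appearing in the process list. Backslashes and double
# quotes are escaped as curl's quoted config values require.
curl_config() {
  esc=$(printf '%s:%s' "$USER" "$PASSWORD" | sed 's/\\/\\\\/g; s/"/\\"/g')
  printf 'ntlm\nuser = "%s"\nurl = "%s"\n' "$esc" "$1"
}

# Intended use inside the monitor (commented out so this file has no side effects):
#   m=$(missing_vars)
#   [ -z "$m" ] || { echo "monitor variables not set: $m" | logger -p local0.error; exit 1; }
#   curl_config "$(monitor_url "$1" "$2" "$URI")" | curl -kfsS --config - | grep -q "$RECV" && echo "UP"
```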