For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

David_Stretch_2's avatar
David_Stretch_2
Icon for Nimbostratus rankNimbostratus
Sep 26, 2012

LTM 11.1.0+ HTTP monitor with native NTLM auth

After struggling for a few hours with HTTP monitors using the native NTLM solution (after the initial BASIC auth request fails), I'm not convinced that it's correctly forming the NTLM request.   T...
management
monitoring
David_Stretch_2's avatar
David_Stretch_2
Icon for Nimbostratus rankNimbostratus
Oct 02, 2012
Here's the monitor, I'll dump the HTTP response in a bit ...

 

 

ltm monitor http QA_ShortURL_Monitor {

 

defaults-from /Common/http

 

destination *:*

 

interval 30

 

partition WebSystems

 

password "****"

 

recv "StatusCode: 200, Ok"

 

send "GET / HTTP/1.1\\r\\nHost: qa-shorturl-2008-f5"

 

time-until-up 0

 

timeout 61

 

username DOMAIN\\svc_f5HTTPMonitor

 

}

 

 

I had to remove the trailing \r\n as it was causing malformed headers in the HTTP request which it appears is a known bug when using NTLM auth on a monitor.

 

 

Thanks