For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

OTS02's avatar
OTS02
Icon for Cirrus rankCirrus
Aug 24, 2015

SNI External Monitor for ADFS

Kevin Stewart solved the mystery of why my built-in GTM monitor would not work against our ADFS servers (https://devcentral.f5.com/questions/monitor-for-adfs-server-gtm). The ADFS servers require SNI...
Kevin_Stewart's avatar
Kevin_Stewart
Icon for Employee rankEmployee
Aug 25, 2015

It seems the while loop inside getscript() was looping indefinitely, which only appears to happen as part of the monitor. Here's a minor tweak:

!/bin/bash

pidfile="/var/run/$MONITOR_NAME.$1..$2.pid"

if [ -f $pidfile ]
    then
    kill -9 -`cat $pidfile` > /dev/null 2>&1
fi

echo "$$" > $pidfile

node_ip=`echo $1 |sed 's/::ffff://'`
node_port=$2

getscript () {
    echo 'GET / HTTP/1.1'
    echo 'Host: adfs.open-techs.com'
    echo ''
    sleep 1
    echo 'quit\n'
}

docurl () {
    IFS=$'\n'
    arr=($(getscript | openssl s_client -connect ${node_ip}:${node_port} -cipher 'ECDHE-RSA-AES256-SHA' -servername 'adfs.open-techs.com' 2>/dev/nul |grep -E '200 OK'))
    unset IFS
}

docurl

echo ${arr[0]}

if [ -n "${arr[0]}" ]
then
     Remove the pidfile before the script echoes anything to stdout and is killed by bigd
    rm -f $pidfile
    echo "up"
fi

 Remove the pidfile before the script ends
rm -f $pidfile

You may have to adjust the sleep statement depending on the application server's response.