Using https monitor with Oracle Access Manager

Hi Mark, I would try using a blank Receive String first, cut your problem in half.

Sometimes the Send String is incorrect/malformed, sometimes the Rec string is incorrect. Get a successful Send string first, then work on the Rec string.

Browser plug-in decoders do not always show ALL the control characters, so you might have to use TCPdump on the big-ip or the OAM server to properly decode the traffic. Hint: a missing or extra "space" can be the difference sometimes with these Send/Rec strings working or not - Ugh!!

We are working on this in the OAM Dev lab with Oracle, so we should have some specific guidance soon, but no ETA.

Please let us know what you find works, or not !!

Thanx,

Chris.

Okay, I took out the receive string, ie made it blank and changed the send string to use the ip address for the host value, as it occurred to me that my ltm, being in my dmz doesn't have access to my internal dns.... however it still marking the member as down... send string is now as follows GET /oam/server/HeartBeat HTTP/1.1\r\nHost: 172.28.131.57 \r\nConnection: Close\r\n\r\n

Just to confirm though, assuming I/we get the syntax right on the send and receive strings, I should be able to do this with a regular https monitor, even though all that gets sent back is the status code in the header right?

however it still marking the member as down

can you try tcpdump? do you have server's ssl key to decrypt?

you may have to remove the monitor from pool first, start tcpdump and then assign it back to the pool.

 tcpdump -nni 0.0:nnn -s0 -w /var/tmp/output.pcap host x.x.x.x and host y.y.y.y -v
x.x.x.x is non-floating self ip on server vlan
y.y.y.y is server ip

I can get the key tomorrow, but I can try the tcpdump against the nonsecure server first, according to my browser, the Heartbeat app is running on port 80 also

Okay, HTTP works fine, I have an oam-http monitor with the following Send and recv strings. I took out the ip address for the host field, as I was hoping that wasn't needed, because then I would need different monitors for each member. I had read that you could leave that value as null.

GET /oam/server/HeartBeat HTTP/1.1\r\nHost: \r\nConnection: Close\r\n\r\n HTTP/1.1 200 OK\r\n

But when I use the same Send and Recv strings on the https monitor it fails :(

I'll get the ssl key from the server folks tomorrow and run the tcpdump against the secure server to see what's different .... Thanks for your help

GOT it... I spoke too soon on the removal of the host ip value having no effect. I noticed that my oam-http monitor had gone red, so I put the ip address back in and it went green. I went back to my https monitor and added in the host ip and it also went green....

Now, is there a way to do this without having to create a separate monitor for each member? Can the monitor populate the host value by using the node ip?

Can the monitor populate the host value by using the node ip?

HTTP Monitor cURL GET With Host Specific Headers

As I figured, if I want to get the Node ip, I need to use and irule and use it in an external monitor.... I was trying my best to follow the advice listed at the beginning of this external monitor....

NOTE: Use external monitors only when a built-in monitor won't do the trick. This example is intended to demonstrate the use of cURL (which offers a large number of other useful options) to insert variable headers in an external monitor. However, if nothing in the request varies, and don't need those extra options, more basic HTTP monitors are much more efficiently configured using the built-in HTTP monitor template instead.

by the way, have you tried fqdn (virtual server) instead of server (node) ip?