For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

HTTP / HTTPS syntax Monitor check from CLI

Problem this snippet solves:

When creating monitor, we usually check web site availability with curl.

These commands allow to check if HTTP Monitor send string is correct

How to use this snippet:

from F5 cli (not tmsh) run following commands

Monitor HTTP:

SEND_STRING='Monitor String'
(echo -ne $SEND_STRING; cat) | nc 'Pool Member IP' 'Pool member port'

Monitor HTTPS:

SEND_STRING='Monitor String'
(echo -ne $SEND_STRING; cat) | openssl s_client -host 'Pool Member IP' -port 'Pool member port' -quiet

example:

SEND_STRING='GET / HTTP/1.1\r\nHost: www.company.com\r\nConnection: Close\r\n\r\n'
(echo -ne $SEND_STRING; cat) | nc 1.2.3.4 80

SEND_STRING='GET / HTTP/1.1\r\nHost: www.company.com\r\nConnection: Close\r\n\r\n'
(echo -ne $SEND_STRING; cat) | openssl s_client -host 1.2.3.4 -port 443 -quiet

Code :

No file

Tested this on version:

11.6
Updated Jun 06, 2023
Version 2.0
application delivery
LTM

10 Comments

  • Amresh008's avatar
    Amresh008
    Icon for Nimbostratus rankNimbostratus
    Dec 29, 2017

    I tried running this on 12.1.1, but it did not do anything. Please suggest.

     

  • Amresh008's avatar
    Amresh008
    Icon for Nimbostratus rankNimbostratus
    Dec 30, 2017

    (echo -ne "monitor string"; cat) | nc a.b.c.d xyz

     

    a.b.c.d being the ip address of the pool member xyz being the pool member port

     

  • Ajit's avatar
    Ajit
    Icon for Altostratus rankAltostratus
    Aug 06, 2018

    Hello Stanislas,

    I tried the below command but it just shows me SSL errors. Can you assist?

    
(echo -ne "GET / HTTP/1.1\\r\\nHost: abc.com\\r\\nConnection: Close\\r\\n"; cat) | openssl s_client -connect 1.1.1.1:443 -quiet

    47753692343424:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1293:SSL alert number 40 47753692343424:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:184:

    It shows me the above errors after being connected.

    Note: I do not have a DNS entry for abc.com in place

    Regards,

    Ajit

  • Stanislas_Piro2's avatar
    Stanislas_Piro2
    Icon for Cumulonimbus rankCumulonimbus
    Aug 06, 2018

    Why did you add 2 \ in send string ? did you get it from tmsh which add a second \ in config file?

    try this:

    (echo -ne "GET / HTTP/1.1\r\nHost: abc.com\r\nConnection: Close\r\n"; cat) | openssl s_client -connect 1.1.1.1:443 -quiet
  • Ajit's avatar
    Ajit
    Icon for Altostratus rankAltostratus
    Aug 06, 2018

    Same result. I have client MA enabled on 1.1.1.1. What should I do to get past that? Does that matter?

     

    Regards,

     

    Ajit

     

  • VRI_341747's avatar
    VRI_341747
    Icon for Nimbostratus rankNimbostratus
    Aug 10, 2018

    How can I use this command with NTLM authentication? The monitor works in the gui when credentials are specified but I get access denied from CLI.

     

    Thanks,

     

    LM

     

  • Joey's avatar
    Joey
    Icon for Nimbostratus rankNimbostratus
    Aug 02, 2019

    Is there partition/route domain involved?

    if so, simply add ‘rdexec zzz’ before openssl where zzz stands for route domain ID