
NTLM Authenticated Proxy External Monitor

Problem this snippet solves:

Monitoring the availability of a web page that can only be reached through an NTLM authenticated proxy. The built-in HTTP monitor cannot do this because it only starts the NTLM handshake on a 401 response and does not handle the 407 response a proxy returns.

How to use this snippet:

This external monitor (EAV) checks the availability of a web page through an NTLM authenticated proxy.

The default HTTP monitor relies on receiving a 401 Unauthorized response carrying a WWW-Authenticate challenge to trigger the NTLM handshake. A proxy responds with 407 Proxy Authentication Required and a Proxy-Authenticate challenge instead, which the built-in monitor does not handle, so the monitor fails. This script hands the exchange to curl with --proxy-ntlm, which does answer the 407 challenge.

Set the following variables in the monitor definition:

URI - The requested host/page to send the request to. (e.g. www.host.com/page1 or https://www.host.com/page.html)
USER - Proxy Username
PASS - Proxy Password
RECV - Receive String to look for

The proxy credentials are stored in the monitor definition and handed to the script as environment variables, so use a dedicated proxy account with no more rights than the check needs. The node is marked UP only when RECV is found in the page body that comes back through the proxy.
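As an added example (not part of the original post), the response-handling contract the script relies on, reduced to a shell function that can be exercised offline: the LTM treats anything printed on stdout as UP and silence as DOWN, so the fetch step must never let stray output reach stdout, and the expected string must be matched quietly. The fetch command is passed in as arguments so that stand-ins for curl can be used here; `eav_check`, `fetch_ok`, `fetch_407` and `fetch_wrong_page`, and the page bodies and curl error text they emit, are constructed for this example and are not real responses.

```shell
#!/bin/sh
# Added example (not the original monitor): the stdout contract of an LTM
# external monitor, made testable offline. The LTM marks the node UP if the
# script prints anything on stdout and DOWN if it prints nothing, so the
# fetch must never leak output and the match must be silent (grep -q).
# In production the fetch command would be
#   curl -s -k "$URI" --proxy "$NODE:$PORT" -U "$USER:$PASS" --proxy-ntlm
# Here it is passed in as arguments so a stub can stand in for curl.

# eav_check RECV CMD [ARGS...]
# Runs CMD with its stderr discarded and prints UP only if RECV appears in
# its stdout (case-insensitive). Returns 0 when UP was printed, 1 otherwise.
eav_check() {
    recv=$1
    shift
    if "$@" 2>/dev/null | grep -qi -- "$recv"; then
        echo "UP"
        return 0
    fi
    return 1
}

# Constructed stand-ins for curl (sample data for this example only).

# The proxy accepted the NTLM credentials and relayed the page:
fetch_ok() {
    printf '%s\n' '<html><body><h1>Welcome to page1</h1></body></html>'
}

# The proxy rejected the credentials: nothing on stdout, an error on stderr
# (message text constructed to look like a curl proxy failure).
fetch_407() {
    echo 'curl: (56) Received HTTP code 407 from proxy after CONNECT' >&2
    return 22
}

# The page loads but no longer contains the expected string:
fetch_wrong_page() {
    printf '%s\n' '<html><body>Maintenance in progress</body></html>'
}

# Run with "demo" as the first argument to see the three outcomes.
if [ "${1:-}" = "demo" ]; then
    eav_check "welcome" fetch_ok          # prints UP
    eav_check "welcome" fetch_407 || echo "407 from proxy: no output, node stays DOWN" >&2
    eav_check "welcome" fetch_wrong_page || echo "wrong page: no output, node DOWN" >&2
fi
```

The function returns the same status it signals to the LTM, so the same check can be driven from a shell test. Note that the 407 case and the wrong-page case are indistinguishable to the LTM (both are silence); the error text only appears on stderr, which is where it belongs.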

Code :

#!/bin/sh
#
# Name:        external_monitor_NTLM_Proxyauth
# Author:      Matt Elkington
# Contact:     melkington@integrity360.com
# Date:        23/01/2017
# Description: An external monitor to allow monitoring of a host through an NTLM
#              authenticated proxy. This works around the fact that the standard
#              HTTP monitor will only use NTLM if it receives a 401 Authenticate
#              message and ignores a 407 Proxy Authenticate message.
#
# Change Log
# Version  Change           Date
# 1.0      Initial Monitor  23/01/2017
#
# Port and IP address are supplied automatically as variables $1 and $2 by the LTM:
# $1 = IP (nnn.nnn.nnn.nnn notation)
# $2 = port (decimal, host byte order)
#
# The following variables must be set in the monitor definition:
#
# URI  - The requested host/page to send the request to. (e.g. www.host.com/page1 or https://www.host.com/page.html)
# USER - Proxy Username
# PASS - Proxy Password
# RECV - Receive String to look for
#
# The LTM marks the node UP if this script prints anything on stdout and DOWN
# if it prints nothing, so nothing other than the final "UP" may reach stdout.

# remove IPv6/IPv4 compatibility prefix (LTM passes addresses in IPv6 format)
NODE=`echo ${1} | sed 's/::ffff://'`
PORT=${2}

PIDFILE="/var/run/`basename ${0}`.${NODE}_${PORT}.pid"
# kill off the last instance of this monitor if it is still running (hung) and record the current pid
if [ -f $PIDFILE ]
then
   echo "EAV exceeded runtime needed to kill ${NODE}:${PORT}" | logger -p local0.error
   kill -9 `cat $PIDFILE` > /dev/null 2>&1
fi
echo "$$" > $PIDFILE

# send request through the proxy & check for expected response
# -s silences curl's progress meter; -k skips TLS certificate verification of the
# target (as in the original), so an endpoint with an untrusted certificate that
# serves the RECV string is still reported UP.
# grep -q exits 0 on a match without printing anything, keeping stdout clean.
curl -s "${URI}" --proxy "${NODE}:${PORT}" -U "${USER}:${PASS}" --proxy-ntlm -k 2>/dev/null | grep -qi "${RECV}"

# mark node UP if expected response was received
if [ $? -eq 0 ]
then
    # Remove the PID file
    rm -f $PIDFILE

    echo "UP"
else
    # Remove the PID file
    rm -f $PIDFILE
fi

exit 0

Tested this on version:

11.6
Published Jan 23, 2017
Version 1.0