ACE HTTPS GET PROBE
I have been asked to set up a HTTPS probe with a get request, the encryption is done between the connections on the servers, IBM Datapower Websphere servers, will i still be able to set up a HTTPS get probe and also how do i configure it?
Thanks
Nouraj
Hi Nouraj,
Yes, actually its the same command used with HTTP probes, Ex:
probe https ABMJ-test
request method get url /test.html
Best regards,
Ahmad
Similar Messages
-
ACE http health probes - best practice for interval and passdetect interval?
Hi,
Is there a recommended standard for http health probes in terms of interval and passdetect interval timings, i.e. should the passdetect interval always be less than the interval or visa versa? Can a http probe be 'mis-configured', i.e. return a 'false positive' by configuring an interval timeout thats 'incompatible' with the device it's polling?
I have a http probe for a serverfarm consisting of two Apache http servers and get intermittent 'server reply timeout' probe failures. I'm keen to ensure that the configuration of the probe isn't at fault so I can be confident that a failed probe indicates a problem with the server and not my configuration.
The probe is currently configured as below:-
probe http http-apache
interval 30
passdetect interval 15
passdetect count 6
request method get url /cs/images/ACE.html
expect status 200 304
Any advice on the subject woud be gratefully received.
thanks
MatthewHi Gilles,
Thanks for the advice. In another dicussion (found here https://supportforums.cisco.com/message/462397#462397) a poster has stated that:-
"(The) "Probe interval" should always be less then (open+recieve) timeout value. Default open & receive timeouts are 10 seconds."
Are you able to advise on whether the above is correct and if so, why? I currently have an interval value of 30 that obviously goes against the advice above (which I've interpretted to mean that if you leave the open & receive timeouts at their default settings your probe interval should be less than 20 seconds?).
thanks
Matthew -
I am trying to monitor our web servers from our load balancer with an HTT probe This probe keeps failing. Its monitoring a Windows sharepoint server, and I can get to the test page with my credentials, but the Probe seemingly cant pull it. Is there something in here I am doing wrong? I have attached a screen shot of the probe for reference. I keep getting probe failed. Ive tried a lot of different permutations of this probe config with no success. Any help with anyone who has done this before would be awesome
ACE-4710-DR/Admin# sh probe HTTP-GET detail
probe : HTTP-GET
type : HTTP
state : ACTIVE
description : Test for I-am-alive.html
port : 80 address : 0.0.0.0 addr type : -
interval : 15 pass intvl : 60 pass count : 3
fail count: 3 recv timeout: 10
http method : GET
http url : http://aspenintranet/PSC/Pages/I-am-alive.html
conn termination : GRACEFUL
expect offset : 0 , open timeout : 1
regex cache-len : 0
expect regex : -
send data : -
------------------ probe results ------------------
associations ip-address port porttype probes failed passed health
------------ ---------------+-----+--------+--------+--------+--------+------
rserver : 10.22.5.100
10.22.5.100 80 -- 2970 2970 0 FAILED
Socket state : CLOSED
No. Passed states : 0 No. Failed states : 1
No. Probes skipped : 0 Last status code : 401
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Received invalid status code
Last probe time : Fri May 23 11:33:29 2014
Last fail time : Wed May 21 10:04:45 2014
Last active time : Never -
ACE HTTP Probe with regex
Hi,
I'm trying to setup a HTTP probe with expected string rather then a code (config below). I do a GET for the page then a search for a string in the response however it's not working, as probe appears as failed.
I've tested the connection to the server by using telneting and then looking at the page displayed to make sure the string I want to match is in the response.
probe http HTTP-PROBE
port 43050
interval 30
passdetect interval 30
passdetect count 1
request method get url /action=help
open 43050
expect regex action=help
Q. Is there anything wrong with this configuration and what I'm trying to achive?
Thanks,
PriteshUse "expect status" under probe config. expect regex doesnt work if expect status is not configured.
expect regex work flawlessly with static pages. It doesnt work all the time with dynamic pages.
Specially if "content-length" header is missing from Server response.
Hope it helps
Syed Iftekhar Ahmed -
Hi,
We would like to see the hash value calculated by the ACE when the HTTP probe hash command configured.
This is possible on CSS via the "sh service" command. We have tried to get it from sh rserver , sh probe XXX detail sh serverfarm XXX det but we do not get it.
Is this possible to get it on the ACE as we do on the CSS?
We need this to manually configure it via the hash <value> command because if the ACE probe is reseted for any reason, the probe http hash will be re-calculated based on the first http response of the server and we can not predict that the server will give the expected web page at this time.
A // question is: on what the md5 value is calculated? HTTP header + payload or only http object payload? We have calculated the md5 hash value by ourselves but the probe is still failing whatever the http portion used for the calculation is.
Many thanks for your help.
Regards/ludovic.probe http MD5-HTTP
interval 15
passdetect interval 15
request method get url /index.html
expect status 200 200
hash 2441DA7F68A265F8CFB4426B6897CE33
And here is how I computed the hash on the server itself [linux machine]
md5sum /var/www/HTML/index.html
2441da7f68a265f8cfb4426b6897ce33 /var/www/HTML/index.html
[root@linux-1 tftpboot]#
The probe is UP
switch/Admin# sho probe MD5-HTTP detail
probe : MD5-HTTP
type : HTTP
state : ACTIVE
description :
port : 80 address : 0.0.0.0 addr type : -
interval : 15 pass intvl : 15 pass count : 3
fail count: 3 recv timeout: 10
http method : GET
http url : /index.html
Hash-value : 2441da7f68a265f8cfb4426b6897ce33
conn termination : GRACEFUL
expect offset : 0 , open timeout : 10
expect regex : -
send data : -
--------------------- probe results --------------------
probe association probed-address probes failed passed health
------------------- ---------------+----------+----------+----------+-------
serverfarm : linux1
real : linux1[0]
192.168.30.27 13 4 9 SUCCESS
md5sum is a standard tool.
Nothing fancy about it.
Gilles. -
ACE keep probing real servers using "https get 302"
Hi all,
I got one problem with cisco ACE in my company. Currently, two ACE appliances are working as HA redundancy. Previously I enabled some https and http probing using get 302 for some servers and services. But then I was told to remove all https or http probing, and instead use tcp port 443 and 80. After that, one of the serverfarm (server groups) is receiving https get 302 and I already checked in the monitoring and see whether there's any https probing regarding the respected real servers. But I could not find any. Even I disable all probing to that serverfarm, all the server members still receiving https get 302. Is this behavior a bug?
The ACE version is A3(2.1). And the HA status is on standby cold. Can standby cold cause this kind of trouble?Hi Daniel,
I just corrected the cert problem and made the state peer into standby hot. But still it still keep probing the get 302. And then I tried to restart both ACEs. The first step is to restart the second ACE (standby) and then switched over all context to the second one. The problem is that when I made the second one to be active, some services were not working, especially the ones with ssl terminated in ACE. I'm pretty sure that both ACEs were in sync.
Any idea what is the problem? -
HTTP Get healthprobe with AD user authentication
Hi,
I'm throwing this one out there to the ACE module Load-balancing experts!
how do I configure a request method get url for google.co.uk so that it authenticates a healthprobe AD user with a Bluecoat proxy appliance?
The objective here is to have a probe run a http get to google to test our bluecoat proxy appliance and then failover to another real server (or bluecoat appliance)
ThanksHi Matthew,
This would partially depend on the authentication type defined on your Bluecoat proxy.
For most of the setups, it should be enough to configure the credentials to be used under the probe parameters with the "(config-probe-http)# credentials " command.
If this doesn't work, you may also try inserting an authentication header inside the request. Again configured under the probe parameters.
For more details on the available options, please refer to http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/probe.html#wp1031398
Regards
Daniel -
Is there any way to configure an HTTP health probe that will test a web page and fail if it takes too long for the server to respond. I have attempted to do this (see below) but the "receive" parameter doesn't seem to help. We are currently having a problem where one of the web servers for whatever reason gets really slow, while the other works fine with about the same number of users, I'd like to fail the slow when this occurrs.
Here is my probe config:
probe HTTP-SERVERASP http
request method get url /server.asp
expect status 200 299
interval 5
failed 30
receive 5
Thanks...JeffJeff,
receive seems to be the solution for what you need.
Did you verify how fast/slow the server is responding.
Currently you allow 5 sec for the response to come back and 3 consecutives must fail before the server is brought down, so if your server resond 1 time fast enough, the server stays up.
So, use a sniffer trace to verify the response time.
Send me the trace if you want.
Gilles. -
We recently updated one of our servers to a new SSL certificate using the 4096 bit cipher key. Now the ACE probe to that server fails.
We have SSL version set to any and SSL cipher set to any. Id there a problem with a ACE https probe not supporting cipher keyes longer then 1024 bit ?Hello DLance,
The ACE supports ssl certs upto 2048bits..
If you refer to the following guide, there is mention of the 2048 limit:
http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/ssl/guide/certkeys.html
HTH. Regards. -
ACE http/https redirect or rewrite
Greetings,
We have a setup that requires ACE http/https redirection or rewrite.
A client connects to a secured Web portal which has its ssl termination on the ACE.
The web portal will request from the client a redirection to another application. As the portal is unaware that the incoming client https request was terminated on the ACE,
the client receives the redirect request for an unsecured http URL rather than for the secured https URL.
In this case what would be best to use? ACE "rewrite" or "redirect"?
Will the following example config for ACE "redirect" be sufficent to implement this?
ssl-proxy service ssl-App-443-81
key app1.test.com.key
cert app1.test.com.cert
rserver redirect App-secure-redirect
webhost-redirection https://app1.test.com/Go/
inservice
serverfarm redirect App-secure-redirect-sf
rserver App-secure-redirect
inservice
serverfarm host App-81-sf
probe TCP81
rserver proxy1 81
inservice
rserver proxy2 81
inservice
parameter-map type http http_param_map
header modify per-request
sticky http-cookie App-cookie App-sticky
cookie insert
replicate sticky
serverfarm App-81-sf
class-map match-any App-443-81-cm
2 match virtual-address 10.10.10.112 tcp eq https
class-map match-any App-81-cm
2 match virtual-address 10.10.10.112 tcp eq 81
class-map type http loadbalance App-secure-redirect-cm
match http url http://app1.test.com:81/Go/
policy-map type loadbalance http first-match App-rewrite-pm
class App-secure-redirect-cm
serverfarm App-secure-redirect-sf
policy-map type loadbalance http first-match App-sticky-443-81-pm
class class-default
sticky-serverfarm App-sticky
policy-map multi-match policy-inbound
class App-81-cm
loadbalance vip inservice
loadbalance policy App-rewrite-pm
loadbalance vip icmp-reply active
loadbalance vip advertise active
class App-443-81-cm
loadbalance vip inservice
loadbalance policy App-sticky-443-81-pm
loadbalance vip icmp-reply active
loadbalance vip advertise active
appl-parameter http advanced-options http_param_map
ssl-proxy server ssl-App-443-81If you are offloading www.yoursite.com on ACE and on the backend
real servers are not ssl aware (sends URL with http://) then with
following sample config you can instruct ACE to rewrite such urls (http->https)
class-map match-all VIP-443
match virtual-address x.x.x.x tcp eq https
action-list type modify http HTTP2HTTPS-REWRITE
ssl url rewrite location www\.yoursite\.* sslport 443 clearport 80
policy-map type loadbalance first-match YOUR-POLICY
class class-default
serverfarm YOUR-SFARM
action HTTP2HTTPS-REWRITE
class VIP-443
loadbalance vip inservice
loadbalance policy YOUR-POLICY
loadbalance vip icmp-reply active
ssl-proxy server YOUR-SSL-SERVICE
You need Ace2.x+ on Ace module & 3.x+ on 4710 appliance for this feature.
Syed Iftekhar Ahmed -
Using ADFS authentication to perform SSO via HTTP GET request
Hi,
Can i authenticate users (those users are clients, at home) to a web application using ADFS without SAML tokens?
The situation is that i want the clients to perform SSO to the website via a link they receive in their mailboxes.
I thought about a solution that combines JWT in a URL link that each user will get to his private mail. this link will contain the users' claim (such as ID Num, given from AD DS Server dedicated especially for them).
Thus, the user will receive an email with a link that already contains a short period of time JWT to perform SSO to the webapp.
Is it possible ? anybody heard about a similar solution ?Sandra
Thanks for your message
Here is the my requirment
The basic flow of a Where 2 Get It REST API call is:
1) create the required XML structure,
2) URI encode it,
3) make a HTTP GET request,
4) then parse the return XML document.
Currently i have some data in ABAP structure with 5 fields, i need to create XML from the those 5 fields,and needs to be URI
encode it, and then needs to make a HTTP get request to connect Where to Get It REST API, finally it will return XML document via HTTP Get request , and then needs to convert the return XML to ABAP structure for further processing .the above 4 points will be implemented in my report.
Any body could help on this -
Retrieve data from a non-peoplesoft application using HTTP Get
I need to retrieve data from a non-peoplesoft application. They want us to submit a HTTP GET request to their URL with a series of parameters. I am thinking about using HTTP Targert connector to accomplish this. Does anyone have sample peoplecode?
Currently we are on 8.51.10 Tools...
If there is any better way .. please let me know ..I have used HTTP Get to get XML file from a government sanction list by hitting URL http://www.treasury.gov/ofac/downloads/sdn.xml
There is a delivered PS program that does that for vendor sanctions. I had to get the online setup correctly by creating a new custom Node with HTTP Target Connector. The program name is BSP_IMPORT. The below code is responsible for the calling the node and retrieving the data. Play around with the code below see if you can get it to meet your needs.
BSP_IMPORT_AET.BANKNODE.Value is just the custom external code that I created.
PMT_FLAT_FILE_INBOUND message is just a none rowset based message to use the web service call.
Local TR:FileUtilities:FTP &oFTPUtil = create TR:FileUtilities:FTP();
+/* HTTP */+
+/*******************************************************************************/+
Local Message &msgHTTP;
Local Message &msgResult;
+&msgHTTP = CreateMessage(Message.PMT_FLAT_FILE_INBOUND);+
+&oFTPUtil.PopulateFTPGetIBInfo(&msgHTTP, BSP_IMPORT_AET.BANKNODE.Value);+
+&msgResult = %IntBroker.ConnectorRequest(&msgHTTP);+
+/* check to see if the file is wrapped */+
+&strAllLines = &msgResult.GenXMLString();+
+&strAllLines = Substitute(&strAllLines, Char(26), " "); /* Added this line to remove invalid characters */+
+/*******************************************************************************/+
Edited by: Maher on Mar 20, 2012 3:28 PM -
HANDLING HTTP "GET" IN SENDER ADAPTER
Hi,
I have a Scenario where I have to use HTTP GET Adapter to get data from a website daily to PI and Post the data from PI to SAP ECC.On the receiver end Idoc is being used.I need help on what to use (From sdn I came to know that Java Proxy or Adapter Module can be used ) and how to configure the sender adapter in this scenario.In case of Adpater module the steps needed to configure the scenario would be helpful.In case of Java Proxy sample code that would suit the scenario would be appreciated.Only 7.3 version (Latest) supports HTTP GET method. All previous versions support only POST.
In your case java proxy is better choice.
Refer these standard links.
http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/7d4db211-0d01-0010-1e8e-9b07fc2113ab?quicklink=index&overridelayout=true
http://wiki.sdn.sap.com/wiki/display/Java/JavaProxyChangesinPI7.1fromPI7.0
http://help.sap.com/saphelp_nwesrce/helpdata/en/86/58cd3b11571962e10000000a11402f/content.htm
Basically you have to create java proxy for the outbound (sender) interface and use those proxy(stub) objects to code in java. Refer sender java proxy in the above link. -
HTTP GET Error - PI does not allow more than 200 chars in the dynamic URL
Hi Everyone,
Scenario RFC <-> PI <-> HTTP (GET).
PI 7.1, Service Pack 05.
HTTP Setup > URL Address
The response comes back from the target server when stuffing the URL path in the communication channel "Path" field.
/rest?&xml_request=......................................................
The requirement is to dynamically create the URL in the mapping program. While doing this the interface error out saying the URL exceeds the character limit of 200.
Any thoughts on this would be highly appretiated.
Thanks,
AJPlease check Mark's reply
http://forums.sdn.sap.com/thread.jspa?threadID=1944129 -
How to do HTTP GET effectively in PI
Hi ,
I need to download a csv file using HTTPS GET using .Looks like the plain HTTP adaptor only supports POST.I plan to do it by writing a Java client.My question is where to write the implementation ie in Mapping,wrap it under a SOAP web service etc.
Any inputs will be appreciated.
Regards,
PremjitHi,
Did you checked the below blog
/people/amol.joshi2/blog/2006/06/28/must-fire-a-http-get-from-xi---try-this
which details the implementation of using java
HTH
Rajesh
Maybe you are looking for
-
Only one color label set per photo???
I had thought I could make good use of color label sets to visually organize page-layout/photo-groupings from collections, like those three red ones will go to page 3 and those 2 blue ones on page 4. AND then I though I could just switch to a Printin
-
Handle data type like CURR in generic table
HI ALL I'm working on daynamic structure <ls_attributes> and the values of fields are type string lsmapping-field_value_ here in the code i try to fill structure <ls_attributes> with acatul values from it_mapping. This is the code that im using io_
-
How to chk SP in sunone 6.1
How can i chk SP in sun one 6.1 on solaris 8 apart from the message when we stop and start the web server ?
-
Answers hitting wrong fact in BMM layer
Hi All, I have 2 facts mainly CURRENT and AGO both at the day level.Now when i try to push columns from dimensions and put the filter in date then it is hitting AGO fact but i want to CURRENT fact. Any Suggestions. Regards
-
Time capsule not working - fixing hdd with disk utility
My time capsule stopped backing up today. It couldn't connect to the airport disk. So I opened up the Time Capsule and connected the HDD to my laptop hoping that running disk utility would find some simple error and fix it. After running the verif