ACE HTTPS GET PROBE

I have been asked to set up a HTTPS probe with a get request, the encryption is done between the connections on the servers, IBM Datapower Websphere servers, will i still be able to set up a HTTPS get probe and also how do i configure it?
Thanks
Nouraj

Hi Nouraj,
Yes, actually its the same command used with HTTP probes, Ex:
probe https ABMJ-test
  request method get url /test.html
Best regards,
Ahmad

Similar Messages

  • ACE http health probes - best practice for interval and passdetect interval?

    Hi,
    Is there a recommended standard for http health probes in terms of interval and passdetect interval timings, i.e. should the passdetect interval always be less than the interval or visa versa? Can a http probe be 'mis-configured', i.e. return a 'false positive' by configuring an interval timeout thats 'incompatible' with the device it's polling?
    I have a http probe for a serverfarm consisting of two Apache http servers and get intermittent 'server reply timeout' probe failures. I'm keen to ensure that the configuration of the probe isn't at fault so I can be confident that a failed probe indicates a problem with the server and not my configuration.
    The probe is currently configured as below:-
    probe http http-apache
      interval 30
      passdetect interval 15
      passdetect count 6
      request method get url /cs/images/ACE.html
      expect status 200 304
    Any advice on the subject woud be gratefully received.
    thanks
    Matthew

    Hi Gilles,
    Thanks for the advice. In another dicussion (found here https://supportforums.cisco.com/message/462397#462397) a poster has stated that:-
    "(The) "Probe interval" should always be less then (open+recieve) timeout  value. Default open & receive timeouts are 10 seconds."
    Are you able to advise on whether the above is correct and if so, why? I currently have an interval value of 30 that obviously goes against the advice above (which I've interpretted to mean that if you leave the open & receive timeouts at their default settings your probe interval should be less than 20 seconds?).
    thanks
    Matthew

  • HTTP GET Probe Monitoring

    I am trying to monitor our web servers from our load balancer with an HTT probe  This probe keeps failing.  Its monitoring a Windows sharepoint server, and I can get to the test page with my credentials, but the Probe seemingly cant pull it.  Is there something in here I am doing wrong?  I have attached a screen shot of the probe for reference. I keep getting probe failed.  Ive tried a lot of different permutations of this probe config with no success.   Any help with anyone who has done this before would be awesome

    ACE-4710-DR/Admin# sh probe HTTP-GET  detail
     probe       : HTTP-GET
     type        : HTTP
     state       : ACTIVE
     description : Test for I-am-alive.html
       port      : 80      address     : 0.0.0.0         addr type  : -
       interval  : 15      pass intvl  : 60              pass count : 3
       fail count: 3       recv timeout: 10
       http method      : GET
       http url         : http://aspenintranet/PSC/Pages/I-am-alive.html
       conn termination : GRACEFUL
       expect offset    : 0         , open timeout     : 1
       regex cache-len  : 0
       expect regex     : -
       send data        : -
                    ------------------ probe results ------------------
       associations ip-address      port  porttype probes   failed   passed   health
       ------------ ---------------+-----+--------+--------+--------+--------+------
       rserver     : 10.22.5.100
                    10.22.5.100     80    --       2970     2970     0        FAILED
       Socket state        : CLOSED
       No. Passed states   : 0         No. Failed states : 1
       No. Probes skipped  : 0         Last status code  : 401
       No. Out of Sockets  : 0         No. Internal error: 0
       Last disconnect err : Received invalid status code
       Last probe time     : Fri May 23 11:33:29 2014
       Last fail time      : Wed May 21 10:04:45 2014
       Last active time    : Never

  • ACE HTTP Probe with regex

    ACE HTTP Probe with regex
    Hi,
    I'm trying to setup a HTTP probe with expected string rather then a code (config below). I do a GET for the page then a search for a string in the response however it's not working, as probe appears as failed.
    I've tested the connection to the server by using telneting and then looking at the page displayed to make sure the string I want to match is in the response.
    probe http HTTP-PROBE
    port 43050
    interval 30
    passdetect interval 30
    passdetect count 1
    request method get url /action=help
    open 43050
    expect regex action=help
    Q. Is there anything wrong with this configuration and what I'm trying to achive?
    Thanks,
    Pritesh

    Use "expect status" under probe config. expect regex doesnt work if expect status is not configured.
    expect regex work flawlessly with static pages. It doesnt work all the time with dynamic pages.
    Specially if "content-length" header is missing from Server response.
    Hope it helps
    Syed Iftekhar Ahmed

  • ACE HTTP probe hash md5 value

    Hi,
    We would like to see the hash value calculated by the ACE when the HTTP probe hash command configured.
    This is possible on CSS via the "sh service" command. We have tried to get it from sh rserver , sh probe XXX detail sh serverfarm XXX det but we do not get it.
    Is this possible to get it on the ACE as we do on the CSS?
    We need this to manually configure it via the hash <value> command because if the ACE probe is reseted for any reason, the probe http hash will be re-calculated based on the first http response of the server and we can not predict that the server will give the expected web page at this time.
    A // question is: on what the md5 value is calculated? HTTP header + payload or only http object payload? We have calculated the md5 hash value by ourselves but the probe is still failing whatever the http portion used for the calculation is.
    Many thanks for your help.
    Regards/ludovic.

    probe http MD5-HTTP
    interval 15
    passdetect interval 15
    request method get url /index.html
    expect status 200 200
    hash 2441DA7F68A265F8CFB4426B6897CE33
    And here is how I computed the hash on the server itself [linux machine]
    md5sum /var/www/HTML/index.html
    2441da7f68a265f8cfb4426b6897ce33 /var/www/HTML/index.html
    [root@linux-1 tftpboot]#
    The probe is UP
    switch/Admin# sho probe MD5-HTTP detail
    probe : MD5-HTTP
    type : HTTP
    state : ACTIVE
    description :
    port : 80 address : 0.0.0.0 addr type : -
    interval : 15 pass intvl : 15 pass count : 3
    fail count: 3 recv timeout: 10
    http method : GET
    http url : /index.html
    Hash-value : 2441da7f68a265f8cfb4426b6897ce33
    conn termination : GRACEFUL
    expect offset : 0 , open timeout : 10
    expect regex : -
    send data : -
    --------------------- probe results --------------------
    probe association probed-address probes failed passed health
    ------------------- ---------------+----------+----------+----------+-------
    serverfarm : linux1
    real : linux1[0]
    192.168.30.27 13 4 9 SUCCESS
    md5sum is a standard tool.
    Nothing fancy about it.
    Gilles.

  • ACE keep probing real servers using "https get 302"

    Hi all,
    I got one problem with cisco ACE in my company. Currently, two ACE appliances are working as HA redundancy. Previously I enabled some https and http probing using get 302 for some servers and services. But then I was told to remove all https or http probing, and instead use tcp port 443 and 80. After that, one of the serverfarm (server groups) is receiving https get 302 and I already checked in the monitoring and see whether there's any https probing regarding the respected real servers. But I could not find any. Even I disable all probing to that serverfarm, all the server members still receiving https get 302. Is this behavior a bug?
    The ACE version is A3(2.1). And the HA status is on standby cold. Can standby cold cause this kind of trouble?

    Hi Daniel,
    I just corrected the cert problem and made the state peer into standby hot. But still it still keep probing the get 302. And then I tried to restart both ACEs. The first step is to restart the second ACE (standby) and then switched over all context to the second one. The problem is that when I made the second one to be active, some services were not working, especially the ones with ssl terminated in ACE. I'm pretty sure that both ACEs were in sync.
    Any idea what is the problem?

  • HTTP Get healthprobe with AD user authentication

    Hi,
    I'm throwing this one out there to the ACE module Load-balancing experts!
    how do I configure a request method get url for google.co.uk so that it authenticates a healthprobe AD user with a Bluecoat proxy appliance?
    The objective here is to have a probe run a http get to google to test our bluecoat proxy appliance and then failover to another real server (or bluecoat appliance)
    Thanks

    Hi Matthew,
    This would partially depend on the authentication type defined on your Bluecoat proxy.
    For most of the setups, it should be enough to configure the credentials to be used under the probe parameters with the "(config-probe-http)# credentials " command.
    If this doesn't work, you may also try inserting an authentication header inside the request. Again configured under the probe parameters.
    For more details on the available options, please refer to http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/probe.html#wp1031398
    Regards
    Daniel

  • CSM HTTP Health Probe

    Is there any way to configure an HTTP health probe that will test a web page and fail if it takes too long for the server to respond. I have attempted to do this (see below) but the "receive" parameter doesn't seem to help. We are currently having a problem where one of the web servers for whatever reason gets really slow, while the other works fine with about the same number of users, I'd like to fail the slow when this occurrs.
    Here is my probe config:
    probe HTTP-SERVERASP http
    request method get url /server.asp
    expect status 200 299
    interval 5
    failed 30
    receive 5
    Thanks...Jeff

    Jeff,
    receive seems to be the solution for what you need.
    Did you verify how fast/slow the server is responding.
    Currently you allow 5 sec for the response to come back and 3 consecutives must fail before the server is brought down, so if your server resond 1 time fast enough, the server stays up.
    So, use a sniffer trace to verify the response time.
    Send me the trace if you want.
    Gilles.

  • ACE 4700 ssl probe failure

    We recently updated one of our servers to a new SSL certificate using the 4096 bit cipher key. Now the ACE probe to that server fails.
    We have SSL version set to any and SSL cipher set to any. Id there a problem with a ACE https probe not supporting cipher keyes longer then 1024 bit ?

    Hello DLance,
    The ACE supports ssl certs upto 2048bits..
    If you refer to the following guide, there is mention of the 2048 limit:
    http://www.cisco.com/en/US/partner/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_1_0/configuration/ssl/guide/certkeys.html
    HTH. Regards.

  • ACE http/https redirect or rewrite

    Greetings,
    We have a setup that requires ACE http/https redirection or rewrite.
    A client connects to a secured Web portal which has its ssl termination on the ACE.
    The web portal will request from the client a redirection to another application. As the portal is unaware that the incoming client https request was terminated on the ACE,
    the client receives the redirect request for an unsecured http URL rather than for the secured https URL.
    In this case what would be best to use? ACE "rewrite" or "redirect"?
    Will the following example config for ACE "redirect" be sufficent to implement this?
    ssl-proxy service ssl-App-443-81
    key app1.test.com.key
    cert app1.test.com.cert
    rserver redirect App-secure-redirect
    webhost-redirection https://app1.test.com/Go/
    inservice
    serverfarm redirect App-secure-redirect-sf
    rserver App-secure-redirect
    inservice
    serverfarm host App-81-sf
    probe TCP81
    rserver proxy1 81
    inservice
    rserver proxy2 81
    inservice
    parameter-map type http http_param_map
    header modify per-request
    sticky http-cookie App-cookie App-sticky
    cookie insert
    replicate sticky
    serverfarm App-81-sf
    class-map match-any App-443-81-cm
    2 match virtual-address 10.10.10.112 tcp eq https
    class-map match-any App-81-cm
    2 match virtual-address 10.10.10.112 tcp eq 81
    class-map type http loadbalance App-secure-redirect-cm
    match http url http://app1.test.com:81/Go/
    policy-map type loadbalance http first-match App-rewrite-pm
    class App-secure-redirect-cm
    serverfarm App-secure-redirect-sf
    policy-map type loadbalance http first-match App-sticky-443-81-pm
    class class-default
    sticky-serverfarm App-sticky
    policy-map multi-match policy-inbound
    class App-81-cm
    loadbalance vip inservice
    loadbalance policy App-rewrite-pm
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    class App-443-81-cm
    loadbalance vip inservice
    loadbalance policy App-sticky-443-81-pm
    loadbalance vip icmp-reply active
    loadbalance vip advertise active
    appl-parameter http advanced-options http_param_map
    ssl-proxy server ssl-App-443-81

    If you are offloading www.yoursite.com on ACE and on the backend
    real servers are not ssl aware (sends URL with http://) then with
    following sample config you can instruct ACE to rewrite such urls (http->https)
    class-map match-all VIP-443
    match virtual-address x.x.x.x tcp eq https
    action-list type modify http HTTP2HTTPS-REWRITE
    ssl url rewrite location www\.yoursite\.* sslport 443 clearport 80
    policy-map type loadbalance first-match YOUR-POLICY
    class class-default
    serverfarm YOUR-SFARM
    action HTTP2HTTPS-REWRITE
    class VIP-443
    loadbalance vip inservice
    loadbalance policy YOUR-POLICY
    loadbalance vip icmp-reply active
    ssl-proxy server YOUR-SSL-SERVICE
    You need Ace2.x+ on Ace module & 3.x+ on 4710 appliance for this feature.
    Syed Iftekhar Ahmed

  • Using ADFS authentication to perform SSO via HTTP GET request

    Hi,
    Can i authenticate users (those users are clients, at home) to a web application using ADFS without SAML tokens?
    The situation is that i want the clients to perform SSO to the website via a link they receive in their mailboxes. 
    I thought about a solution that combines JWT in a URL link that each user will get to his private mail. this link will contain the users' claim (such as ID Num, given from AD DS Server dedicated especially for them).
    Thus, the user will receive an email with a link that already contains a short period of time JWT to perform SSO to the webapp.
    Is it possible ? anybody heard about a similar solution ?

    Sandra
    Thanks for your message
    Here is the my requirment
    The basic flow of a Where 2 Get It REST API call is:
    1) create the required XML structure,
    2) URI encode it,
    3) make a HTTP GET request,
    4) then parse the return XML document.
    Currently i have some data in ABAP structure with 5 fields, i need to create XML from the those 5 fields,and needs to be URI
    encode it, and then needs to make a HTTP get request to connect Where to Get It REST API, finally it will return XML document via HTTP Get request , and then needs to convert the return XML to  ABAP structure for further processing .the above 4 points will be implemented in my report.
    Any  body could help on this

  • Retrieve data from a non-peoplesoft application using HTTP Get

    I need to retrieve data from a non-peoplesoft application. They want us to submit a HTTP GET request to their URL with a series of parameters. I am thinking about using HTTP Targert connector to accomplish this. Does anyone have sample peoplecode?
    Currently we are on 8.51.10 Tools...
    If there is any better way .. please let me know ..

    I have used HTTP Get to get XML file from a government sanction list by hitting URL http://www.treasury.gov/ofac/downloads/sdn.xml
    There is a delivered PS program that does that for vendor sanctions. I had to get the online setup correctly by creating a new custom Node with HTTP Target Connector. The program name is BSP_IMPORT. The below code is responsible for the calling the node and retrieving the data. Play around with the code below see if you can get it to meet your needs.
    BSP_IMPORT_AET.BANKNODE.Value is just the custom external code that I created.
    PMT_FLAT_FILE_INBOUND message is just a none rowset based message to use the web service call.
    Local TR:FileUtilities:FTP &oFTPUtil = create TR:FileUtilities:FTP();
    +/* HTTP */+
    +/*******************************************************************************/+
    Local Message &msgHTTP;
    Local Message &msgResult;
    +&msgHTTP = CreateMessage(Message.PMT_FLAT_FILE_INBOUND);+
    +&oFTPUtil.PopulateFTPGetIBInfo(&msgHTTP, BSP_IMPORT_AET.BANKNODE.Value);+
    +&msgResult = %IntBroker.ConnectorRequest(&msgHTTP);+
    +/* check to see if the file is wrapped */+
    +&strAllLines = &msgResult.GenXMLString();+
    +&strAllLines = Substitute(&strAllLines, Char(26), " "); /* Added this line to remove invalid characters */+
    +/*******************************************************************************/+
    Edited by: Maher on Mar 20, 2012 3:28 PM

  • HANDLING HTTP "GET"  IN SENDER ADAPTER

    Hi,
    I have a Scenario where I have to use HTTP GET Adapter  to get data from a website daily to PI and Post the data from PI to SAP ECC.On the receiver end Idoc is being used.I need help on what to use (From sdn I came to know that Java Proxy or Adapter Module can be used ) and how to configure the sender adapter in this scenario.In case of Adpater module the steps needed to configure the scenario would be helpful.In case of Java Proxy sample code that would suit the scenario would be appreciated.

    Only 7.3 version (Latest) supports HTTP GET method. All previous versions support only POST.
    In your case java proxy is better choice.
    Refer these standard links.
    http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/7d4db211-0d01-0010-1e8e-9b07fc2113ab?quicklink=index&overridelayout=true
    http://wiki.sdn.sap.com/wiki/display/Java/JavaProxyChangesinPI7.1fromPI7.0
    http://help.sap.com/saphelp_nwesrce/helpdata/en/86/58cd3b11571962e10000000a11402f/content.htm
    Basically you have to create java proxy for the outbound (sender) interface and use those proxy(stub) objects to code in java. Refer sender java proxy in the above link.

  • HTTP GET Error - PI does not allow more than 200 chars in the dynamic URL

    Hi Everyone,
    Scenario RFC <-> PI <-> HTTP (GET).
    PI 7.1, Service Pack 05.
    HTTP Setup > URL Address
    The response comes back from the target server when stuffing the URL path in the communication channel "Path" field.
    /rest?&xml_request=......................................................
    The requirement is to dynamically create the URL in the mapping program. While doing this the interface error out saying the URL exceeds the character limit of 200.
    Any thoughts on this would be highly appretiated.
    Thanks,
    AJ

    Please check Mark's reply
    http://forums.sdn.sap.com/thread.jspa?threadID=1944129

  • How to do HTTP GET effectively in PI

    Hi ,
        I need to download a csv file using HTTPS GET using .Looks like the plain HTTP adaptor only supports POST.I plan to do it by writing a Java client.My question is where to write the implementation ie in Mapping,wrap it under a SOAP web service etc.
    Any inputs will be appreciated.
    Regards,
    Premjit

    Hi,
         Did you checked the below blog
    /people/amol.joshi2/blog/2006/06/28/must-fire-a-http-get-from-xi---try-this
    which details the implementation of using java
    HTH
    Rajesh

Maybe you are looking for

  • Only one color label set per photo???

    I had thought I could make good use of color label sets to visually organize page-layout/photo-groupings from collections, like those three red ones will go to page 3 and those 2 blue ones on page 4. AND then I though I could just switch to a Printin

  • Handle data type like CURR in generic table

    HI ALL I'm working on daynamic structure <ls_attributes>  and the values of fields are type string  lsmapping-field_value_ here in the code i try to fill structure <ls_attributes> with acatul values from it_mapping. This is the code that im using io_

  • How to chk SP in sunone 6.1

    How can i chk SP in sun one 6.1 on solaris 8 apart from the message when we stop and start the web server ?

  • Answers hitting wrong fact in BMM layer

    Hi All, I have 2 facts mainly CURRENT and AGO both at the day level.Now when i try to push columns from dimensions and put the filter in date then it is hitting AGO fact but i want to CURRENT fact. Any Suggestions. Regards

  • Time capsule not working - fixing hdd with disk utility

    My time capsule stopped backing up today.  It couldn't connect to the airport disk.  So I opened up the Time Capsule and connected the HDD to my laptop hoping that running disk utility would find some simple error and fix it.  After running the verif