Prob in script
Dear All,
I am working in Script and my Amount total is coming in the format like 82,935,180.00. Now I want Amount total should come in the format like 8,29,35,180.00.
How I will make that changes.
Please help me.
Thanks & regards,
Abhay.
Hi
This can be handled using:
SET COUNTRY
or With the help of User Profile.
Regards,
Sree
Similar Messages
-
ME9F Trial Printout - prob in script
Hi Friends,
I have one prob in me9f transaction, Their is one trial printout button and one 'z'form script is attched to
it , I done one modification in the same that on function code of trial printout button '9DPR' i write one code in script IF &SY-UCOMM& = '9DPR'
Disclaimer- This is Draft print out and should not be treated as legal document.
ENDIF.
when we click on trial printout button,this line is comming only when when we go to se71 and put activate debugger same form is call.
but if we click on trial printout button without activating debugger this line is not comming in printout.but form attached is same.
so pl help me for the same, because user directly click on trial printout button he will get the output.Hi!
i think there is a commit problem in your program.
you can use after modification this code as the data modified is not updated till the time u again process it..
commit work.
wait up to 10 seconds.
i hope this solves your problem. -
Looking for ACE Probe TCL script specific for LDAPS
Hello Everyone,
I have searched the forum, and i am having difficulty finding an example of how to modify the LDAP TCL probe from port 389 to secure LDAP port 636.
Could someone kindly point me or provide me the modified TCL script if you happen to have it.
During my search I also found a config that someone had provided, which contained the following probe:
probe tcp LDAPS_Probe
port 636
probe tcp LDAP_Probe
port 389
I was trying to figure out if this a modified TCL script for LDAP or modifed TCP TCL script specific for port 636.
This is how I applied the script for LDAP port 389.
script file 1 LDAP_PROBE
probe scripted LDAP_PROBE_389
interval 5
passdetect interval 30
receive 5
script LDAP_PROBE
serverfarm host SF-LDAP-389
description SF LDAP Port 389
predictor leastconns
probe LDAP_PROBE_389
rserver LDAP-RS1-389
inservice
I will be more than glad to provide you any additional information that you need.
As always thanks for your input.
Raman Azizian
SAIC/NISN Network servicesnormally you would engage a TCL developer or ciso advanced services to develop a custom script for anything other than what Cisco provides in canned scripts. If you are comfortable with tcl you can do it yourself. Here is an example of the LDAP script modified to include initiation via ssl. default port is 389 when you implement you would specify 636.
#!name = LDAP_PROBE
# Description:
# LDAP_PROBE opens a TCP connection to an LDAP server, sends a bind request. and
# determines whether the bind request succeeds. LDAP_PROBE then closes the
# connection with a TCP RST.
# If a port is specified in the "probe scripted" configuration, the script probes
# each suspect on that port. If no port is specified, the default LDAP port 389
# is used.
# Success:
# The script succeeds if the server returns a bind response indicating success
# (status code 0x0a0100) to the bind request.
# The script closes the TCP connection with a RST following a successful attempt.
# Failure:
# The script fails due to timeout if the response is not returned. This
# includes a failure to receive ARP resolution, a failure to create a TCP connection
# to the port, or a failure to return a response to the LDAP bind request.
# The script also fails if the server bind response does not indicate success.
# This specific error returns the 30002 error code.
# The script closes any attempted TCP connection, successful or not, with a RST.
# PLEASE NOTE: This script expects the server LDAP bind response to specify length
# in ASN.1 short definite form. Responses using other length forms (e.g., long
# definite length form) will require script modification to achieve success.
# SCRIPT version: 1.0 April 1, 2008
# Parameters:
# [DEBUG]
# username - user login name
# password - password
# DEBUG - optional key word 'DEBUG'. default is off
# Do not enable this flag while multiple probe suspects are configured for this
# script.
# Example config :
# probe scripted USE_LDAP_PROBE
# script LDAP_PROBE
# Values configured in the "probe scripted" configuration populate the
# scriptprobe_env array. These may be accessed or manipulated if desired.
# Documentation:
# A detailed discussion of the use of scripts on the ACE is included in
# "Using Toolkit Command Language (TCL) Scripts with the ACE"
# in the "Load-Balancing Configuration Guide" section of the ACE documentation set.
# Copyright (c) 2005-2008 by Cisco Systems, Inc.
# debug procedure
# set the EXIT_MSG environment variable to help debug
# also print the debug message when debug flag is on
proc ace_debug { msg } {
global debug ip port EXIT_MSG
set EXIT_MSG $msg
if { [ info exists ip ] && [ info exists port ] } {
set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
if { [ info exists debug ] && $debug } {
puts $EXIT_MSG
# main
# parse cmd line args and initialize variables
## set debug value
set debug 0
if { [ regsub -nocase "DEBUG" $argv "" argv] } {
set debug 1
ace_debug "initializing variable"
set EXIT_MSG "Error config: script LDAP_PROBE \[DEBUG\]"
set ip $scriptprobe_env(realIP)
set port $scriptprobe_env(realPort)
# if port is zero the use well known ldap port 389
if { $port == 0 } {
set port 389
# PROBE START
# open connection
ace_debug "opening socket"
set sock [ socket -sslversion all -sslcipher RSA_WITH_RC4_128_MD5 $ip $port ]
fconfigure $sock -buffering line -translation binary
# send a standard anonymous bind request
ace_debug "sending ldap bind request"
puts -nonewline $sock [ binary format "H*" 300c020101600702010304008000 ]
flush $sock
# read string back from server
ace_debug "receiving ldap bind result"
set line [read $sock 14]
binary scan $line H* res
binary scan $line @7H6 code
ace_debug "received $res with code $code"
# close connection
ace_debug "closing socket"
close $sock
# make probe fail by exit with 30002 if ldap reply code != success code 0x0a0100
if { $code != "0a0100" } {
ace_debug " probe failed : expect response code \'0a0100\' but received \'$code\'"
exit 30002
## make probe success by exit with 30001
ace_debug "probe success"
exit 30001 -
Hello everyone, okay?
I was thinking of a possibility to use my ACE to monitor a database, in this case a MySQL database Today I use a TCP probe, monitoring the port, but I would go one step further and try to make a connection in the DATABASE.
I would like to see the possibility of a guideline in creating a TCL script to make a simple connection to a database.
The idea is to try to make a connection in a database, run a query / select on any table just to validate its functionality and not just checking if the port is responding.
I do not know how complex it is or what would be my pre -requisites required, but any help would be welcome.
I thought about using an HTTP probe to make this validation and use a web page making the connection to the database, but it ended up creating another layer and if there is any problem in web service, the database would be affected indirectly.
Thank you. All suggestions are welcome.Hi Plinio,
I cannot see any support for testing authentication, SQL queries or connections to a database that is supported directly in TCL at this time.
Here is the TCL guide that expalains the supported commands ( there is a HTTP example probe at the bottom )
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA4_2_0/configuration/slb/guide/script.html
Beyond a TCL TCP probe to the port to test the listener is running, I believe your suggestion of a HTTP TCL script is probably the most accurate way to check the integrity of the database. You could write code to set a certain response to all types of failure scenarios and on the ACE you could then use a HTTP TCL script to parse the response from the web server to identify exactly what has failed in your database and act accordingly.
cheers,
Chris -
Function of health probe timers on CSM
Hi,
we use the following configuration on a csm to monitor a server farm and I'm wondering how exactly the probe timers work.
===
serverfarm sf
nat server
nat client natpool1
failaction purge
real name serv1
weight 1
inservice
real name serv2
weight 1
inservice
probe probe1
probe probe1 script
script LDAP_PROBE
interval 5
retries 2
receive 1
port 389
===
So in my eyes the probes are sent every 5 seconds. When a probe isn't answered within one second it's marked as failed. If two probes are failed (retries 2) the real server is marked as down.
Is this correct?
In a network trace I see a different behaviour: Probes are sent every 5 seconds. If a real server goes out-of-service I see a probe which is not answered and the next probe is sent after 10 seconds (I expected 5 seconds). 5 seconds later the real server is marked down in the switch log.
It would be fine if anybody could help me.
Best Regards,
Thorsten SteffenHi,
following the meaning of the parameters:
Router(config-slb-probe)#
interval seconds
Sets the interval between probes in seconds (from the end of the previous probe to the beginning of the next probe) when the server is healthy.
Range = 2-65535 seconds
Default = 120 seconds
Router(config-slb-probe)#
retries retry-count
Sets the number of failed probes that are allowed before marking the server as failed.
Range = 0-65535
Default = 3
Router(config-slb-probe)#
failed failed-interval
Sets the time between health checks when the server has been marked as failed. The time is in seconds.
Range = 2-65535
Default = 300 seconds
Router(config-slb-probe)# open
open-timeout
Sets the maximum time to wait for a TCP connection. This command is not used for any non-TCP health checks (ICMP or DNS1).
Range = 1-65535
Default = 10 seconds
There are two different timeout values: open and receive. The open timeout specifies how many seconds to wait for the connection to open (that is, how many seconds to wait for SYN ACK after sending SYN). The receive timeout specifies how many seconds to wait for data to be received (that is, how many seconds to wait for an HTTP reply after sending a GET/HHEAD request). Because TCP probes close as soon as they open without sending any data, the receive timeout is not used.
When sniffing, you should see a probe each 5 seconds. When a probe fails for the first time, a second probe should be send after 5 seconds. when this probe fails too, the server is put out of service.
That should be the behaviour you should see.
HTH,
Dario -
Copy in sand-boxed app. in 1.6.0_24+
<ul>
<li>Problem Summary
<li>Question
<li>Typical Output
<li>See Also
<li>Accumulated Results
<ul>
<li>Not grabbing focus
<li>Grabbing focus
</ul>
<li>Source
<ul>
<li>PropertyProbe.java
<li>propertyprobe.jnlp
<li>js.html
<li>Java Scripts
</ul>
<li>Post Revisions
</ul>
<h2><a name="summary"></a>Problem Summary</h2>
A security bug was fixed recently in the JRE (1.6.0_24 in Sun's JRE). The result of the fix is that sand-boxed apps. no longer provide 'Ctrl-c' copy (or cut/paste) functionality by default on text output controls like JTextArea & JTable.
While Ctrl-c copy no longer works by default, it is possible to add the functionality back in for any applet run in a 'Next Generation' Java Plug-In. Since Java Web Start existed, JWS provided sand-boxed copy via. the JNLP API's javax.jnlp.ClipboardService, & since Sun 1.6.0_10, & the next gen. plug-in, embedded applets can be deployed using JWS & can access the JNLP API.
I have redesigned an applet that relied on the old functionality, to now use the JNLP API Services if available.
<h2><a name="question"></a>Question</h2>
Does it work for you?
To answer that question:
<ol>
<li>Surf on over to the applet at http://pscode.org/prop/js.html and attempt to copy the data. See the instructions in the page for details of how to copy using the old and new forms of the applet. If the button appears, you should be prompted as to whether to allow the copy.
<li>Paste the data here (assuming the copy is successful). Or report if it fails to copy or the applet fails to appear.
</ol>
<h2><a name="egoutput"></a>Typical Output</h2>
This is what you might see at the applet.
||Property||Value||
|java.version|1.6.0_24|
|java.vendor|Sun Microsystems Inc.|
|os.name|Windows 7|
|os.version|6.1|
<h2><a name="related"></a>See Also</h2>
This relates to the thread Copy & Paste Function in Java JDK 6 Update 24. That thread contains some interesting comments, including:
<ul>
<li>A link to Sami Koivu's blog entry that explains the security bug.
<li>My Re: Copy & Paste Function in Java JDK 6 Update 24 table.
</ul>
<h2><a name="results"></a>Accumulated Results</h2>
<p>The first form of the applet showed a variety of problems with 'post copy focus', if the security prompt appeared in the JWS form of the applet.
<h3><a name="nograbfocus"></a>Not grabbing focus</h3>
||Reporter||Browser||Version||OS name||OS version||Java Vendor||Java version||Focus post dialog||Comments||
|Andrew Thompson|IE|8.0.7600.16385|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|applet|(1)|
|Andrew Thompson|Chrome|10.0.648.151|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|page|(2)|
|Andrew Thompson|FF|3.6.16|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|*nothing*|(3)|
|Walter Laan|FF|3.6.16|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_20|*locked*|(4)|
|almightywiz|FF|3.6.16|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|?|(5)|
|camickr|IE|8|Windows XP|5.1|Sun Microsystems Inc.|1.6.0_07|N/A|(6)|
|Christian|FF|3.6.15|Windows XP|5.1|Sun Microsystems Inc.|1.6.0_24|no problems|(7)|
|Walter Laan|?|?|Windows XP|5.1|Sun Microsystems Inc.|1.7.0-ea|page?|(8)|
|abillconsl|FF|3.6.13|Windows XP|5.1|Sun Microsystems Inc.|1.6.0_12|?|(9)|
<ol>
<li>Makes 'Ding' sound when copying the alert is dismissed (who said MS was not security conscious?).
<li>The only way to refocus the applet in Chrome is to click in it with the mouse.
<li>'Alt space' allowed me to minimize/restore FF, but no key combo. I could think of would restore focus to controls in the browser or applet.
<li>Reported serious problems with focus for FF on 1st start-up using 1.6.0_20 JRE. Unable to reproduce on the 1.6.0_24 JRE. Ref. {message:id=9470476}, {message:id=9470587}
<li>Reported no problems with focus. Ref. {message:id=9470371}
<li>1st report for a pre plug-in2 JRE. IE 8 produced no prompts (as expected), so the 'Focus post dialog' does not apply. No auditory warnings. Ref. {message:id=9470761}
<li>'No problems with focus.'. Ref. {message:id=9474121}
<li>Focus returned to page, presumably. Ref. {message:id=9474513}
<li>Ctrl-a seemed to do nothing. No mention of focus. Ref. {message:id=9477829}
</ol>
<h3><a name="grabfocus"></a>Grabbing focus</h3>
<p>The second form of the applet has a provision to grab the focus immediately after the copy (and presumably after the trust dialog).
||Reporter||Browser||Version||OS name||OS version||Java Vendor||Java version||Focus post dialog||Comments||
|camickr|IE|8|Windows XP|5.1|Sun Microsystems Inc.|1.6.0_07|N/A|(1)|
|Andrew Thompson|IE|8.0.7600.16385|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|applet|-|
|Andrew Thompson|Chrome|10.0.648.151|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|applet|-|
|Andrew Thompson|FF|3.6.16|Windows 7|6.1|Sun Microsystems Inc.|1.6.0_24|applet|-|
|Paŭlo Ebermann|FF?|?|Linux2.6.34.7-0.7-desktop|2.6.34.7-0.7-desktop|Sun Microsystems Inc.|1.6.0_20|?|(2)|
|bogdana|IE|9.0.8112.16421|Windows 7 |6.1|Sun Microsystems Inc.|1.6.0_22 |applet|(3)|
<ol>
<li>The first result for camickr can be inferred from the fact that a pre plug-in2 applet should behave the same in both forms of the applet. Ref. {message:id=9470761}
<li>There are further updates on that thread that have not yet been reflected here. See the thread for details. Ref. P.E. comments at SO
<li>Also reported the auditory warning in IE when dialog disappears. Ref. {message:id=9488352}
</ol>
<h3><a name="java"></a>PropertyProbe.java</h3>
package org.pscode.tool.property;
import java.awt.*;
import java.awt.event.*;
import java.awt.datatransfer.StringSelection;
import javax.swing.*;
import javax.swing.table.*;
import javax.swing.border.EmptyBorder;
import java.util.Locale;
import java.security.AccessControlException;
import javax.jnlp.*;
/** Adds a comma delimited list of property names defined in the
props param, to the constructor of a new PropertiesPanel and
displays it. */
public class PropertyProbe extends JApplet {
static String[] defaultProps = {
"os.name",
"os.version",
"os.arch",
"java.vendor",
"java.version",
"java.vm.version",
"default_locale",
"display_mode",
"win.highContrast.on",
"win.text.fontSmoothingOn",
"win.defaultGUI.font",
"awt.font.desktophints",
"awt.mouse.numButtons",
"awt.multiClickInterval"
public void init() {
String propertyNames = getParameter("prop");
String[] props;
if (propertyNames==null) {
//getContentPane().add( new JLabel("Must specify 'prop' to query!") );
props = defaultProps;
} else {
props = propertyNames.split(",");
boolean grabFocus = getParameter("jnlp.grab.focus")!=null;
System.out.println("jnlp.grab.focus: " + grabFocus);
boolean jnlpServicesAvailable = getParameter("jnlp.launched")!=null;
PropertyPanel pp = new PropertyPanel(props, jnlpServicesAvailable, grabFocus);
pp.setPreferredSize(new Dimension(200,140));
getContentPane().add( pp );
validate();
public static void main(final String[] args) {
Runnable r = new Runnable() {
public void run() {
String[] props = defaultProps;
if (args.length>0) {
props = args;
boolean jnlpServicesAvailable = false;
try {
Class.forName("javax.jnlp.ServiceManager");
jnlpServicesAvailable = true;
System.out.println("JNLP services available!");
} catch(Throwable t) {
t.printStackTrace();
System.out.println("JNLP services ***NOT*** available!");
PropertyPanel pp = new PropertyPanel(props, jnlpServicesAvailable, false);
pp.setPreferredSize(new Dimension(200,200));
JPanel mainPanel = new JPanel(new BorderLayout());
mainPanel.setPreferredSize(new Dimension(400,200));
mainPanel.add( pp );
JFrame f = new JFrame("Property Probe");
f.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
f.setContentPane(mainPanel);
f.pack();
try {
f.setLocation(50,50);
f.setLocationRelativeTo(null);
f.setLocationByPlatform(true);
f.setMinimumSize( f.getSize() );
} catch(Exception e) {
f.setVisible(true);
EventQueue.invokeLater(r);
class PropertyPanel extends JPanel {
/** The JNLP API service used for copy in apps. deployed using JWS. */
private ClipboardService clipboardService;
private boolean grabFocus = false;
private JTable table;
/** A widget (JTable) of values for properties specified in the
array of property names. The properties are sourced from the
system, environment and AWT toolkit properties.If there is no
value defined in one of those three, 'null' is displayed. */
PropertyPanel(String[] props, boolean jnlpServicesAvailable, boolean grabFocus) {
super(new BorderLayout());
this.grabFocus = grabFocus;
setBorder( new EmptyBorder(5,5,5,5) );
String[][] propValuePairs = new String[props.length][2];
for ( int ii=0; ii<props.length; ii++ ) {
propValuePairs[ii][0] = props[ii];
propValuePairs[ii][1] = getProperty( props[ii] );
String[] header = {"Property","Value"};
table = new JTable( propValuePairs, header );
try {
table.setAutoCreateRowSorter(true);
} catch (Exception e) {
// pre 1.6 JRE, go with an unsorted table
this.add( new JScrollPane( table ) );
if (jnlpServicesAvailable) {
try {
clipboardService =
(ClipboardService)ServiceManager.
lookup("javax.jnlp.ClipboardService");
Action action = new CopyAction(
"Copy",
null,
"Copy data",
new Integer(KeyEvent.VK_CONTROL+KeyEvent.VK_C));
table.getActionMap().put( "copy", action );;
final JButton copy = new JButton("Copy to clipboard");
copy.setMnemonic('c');
copy.addActionListener( action );
JPanel bottomPanel = new JPanel(new FlowLayout(FlowLayout.CENTER));
bottomPanel.add(copy);
add(bottomPanel, BorderLayout.SOUTH);
// Expecting only javax.jnlp.UnavailableServiceException. But if we
// try to catch it, we get a NoClassDefFoundError in non JWS apps.!
} catch(Throwable use) {
use.printStackTrace();
System.err.println("Copy services not available. Copy using 'Ctrl-c'.");
/** Check for properties in the order of the toolkit, system
then environment, on the basis that all the toolkit properties
are available to sandboxed apps., as well as some of the system
properties, but none of the environment properties. */
public String getProperty(String prop) {
String value = null;
if ( prop.equals("default_locale") ) {
return Locale.getDefault().toString();
if ( prop.equals("display_mode") ) {
return getDisplayModeString();
value = getDesktopProperty(prop);
if (value!=null) {
return value;
value = getSystemProperty(prop);
if (value!=null) {
return value;
value = getEnvironmentProperty(prop);
if (value!=null) {
return value;
return "null";
public String getSystemProperty( String prop ) {
try {
return System.getProperty( prop );
} catch(AccessControlException ace) {
// this property is either restricted, /or/ 'null'
// the plug-in will not reveal which, for a sandboxed
// app.
return "unknown";
public String getEnvironmentProperty(String prop) {
try {
Object value = System.getenv().get(prop);
if (value==null) {
return null;
} else {
return value.toString();
} catch(AccessControlException ace) {
return null;
public String getDesktopProperty(String prop) {
Object value = Toolkit.
getDefaultToolkit().
getDesktopProperty(prop);
if (value==null) {
return null;
} else {
return value.toString();
public String getDisplayModeString() {
DisplayMode dm = GraphicsEnvironment.
getLocalGraphicsEnvironment().
getDefaultScreenDevice().
getDisplayMode();
String value =
dm.getWidth()
+
"x"
+
dm.getHeight()
+
+
dm.getRefreshRate()
+
"Hz "
+
dm.getBitDepth()
+
"bit"
return value;
public void copyData(Component source) {
TableModel model = table.getModel();
StringBuilder sb = null;
if (true) {
sb = new StringBuilder();
for (int ii=0; ii<model.getRowCount(); ii++) {
for (int jj=0; jj<model.getColumnCount(); jj++) {
sb.append( model.getValueAt(ii,jj).toString() );
sb.append( "\t" );
sb.append( "\n" );
String s = sb.toString();
if (s==null || s.trim().length()==0) {
JOptionPane.showMessageDialog(this,
"There is no data in the table!");
} else {
StringSelection selection =
new StringSelection(s);
clipboardService.setContents( selection );
if (grabFocus) {
source.requestFocus();
class CopyAction extends AbstractAction {
public CopyAction(String text, ImageIcon icon,
String desc, Integer mnemonic) {
super(text, icon);
putValue(SHORT_DESCRIPTION, desc);
putValue(MNEMONIC_KEY, mnemonic);
public void actionPerformed(ActionEvent e) {
copyData((Component)e.getSource());
}<h3><a name="jnlp"></a>propertyprobe.jnlp</h3>
<?xml version='1.0' encoding='UTF-8' ?>
<jnlp spec='1.0'
href='propertyprobe.jnlp'>
<information>
<title>Property Probe</title>
<vendor>PSCode.org - Andrew Thompson</vendor>
<description kind='one-line'>
Table for common Java properties.
</description>
<shortcut online='false'>
<desktop/>
</shortcut>
</information>
<resources>
<j2se version='1.2+' />
<jar href='propprobe.jar' main='true' />
</resources>
<applet-desc
main-class='org.pscode.tool.property.PropertyProbe'
name='applet'
width='600'
height='300' >
<param name='jnlp.launched' value='true' />
</applet-desc>
</jnlp><h3><a name="html"></a>js.html</h3>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<HTML>
<HEAD>
<title>
Property Probe - applet
</title>
<script type='text/javascript' src="http://www.java.com/js/deployJava.js"></script>
<script type='text/javascript' src='http://pscode.org/file/urlcode.js'></script>
<script type='text/javascript' src='http://pscode.org/file/queryprm.js'></script>
<script type='text/javascript' src='http://pscode.org/file/urlquery.js'></script>
<script type='text/javascript' src='http://pscode.org/file/appletparams.js'></script>
<script type='text/javascript'>
archiveName = "";
if (true) {
archiveName = 'propprobe.jar';
} else {
archiveName = 'propprobe-trusted.jar';
var attributes = {
code:'org.pscode.tool.property.PropertyProbe',
codebase:'../lib',
archive:archiveName,
width:'600',
height:'400'
var version = '1.2';
var params;
params.jnlp_href='../lib/propertyprobe.jnlp';
</script>
</HEAD>
<BODY>
<H1>Property Probe</H1>
<script type='text/javascript'>
deployJava.runApplet( attributes, params, version );
</script>
<P>.. (text & instructions)
</BODY>
</HTML><h3><a name="scripts"></a>JavaScripts linked in the HTML</h3>
'Sold separately' - pull them by direct fetch into your browser window, if you're that interested.
<h2><a name="revisions"></a>Post Revisions</h2>
Edited by: Andrew Thompson on Mar 26, 2011 5:32 AM
Changed subject.
Edited by: Andrew Thompson on Mar 26, 2011 5:19 PM
Added accumulated results and index, other tweaks.
Edited by: Andrew Thompson on Mar 31, 2011 11:08 AM
Removed 'how output appears in code tags'. Added latest results, 'grab focus' results. Changed URL to invoke 'grab focus'.
Edited by: Andrew Thompson on Apr 2, 2011 4:20 AM
Added 1st result from SO - on Linux system.
Edited by: Andrew Thompson on Apr 2, 2011 6:15 AM
Added latest result.Walter Laan wrote:
almightywiz wrote:
Walter Laan wrote:
The security popup really messes with the focus in Firefox (3.6.16) though.Not saying you're wrong, but I'm using FireFox 3.6.16, as well, and I have none of the focus troubles you've described.Cannot reproduce it now either. Weird.I got the impression you were referring to keyboard focus, so I did some further tests on focus behavior. The test results are listed in the Accumulated Results table on the 1st post.
The only browser so far that works as I'd expect, or at least as I'd like, is IE.
Applets and keyboard navigation have always been a PITA. Some time ago I vaguely recall seeing an update involving a new parameter to regulate initial focus (applet or page, ..or another applet), but for the life of me I cannot locate it now. Given that it was a parameter for initial focus, I doubt it would help in this case.
Edited by: Andrew Thompson on Mar 26, 2011 6:18 PM
Removed table which has now been expanded & added to 1st post. -
Greetings,
I have been testing a small java applet for a phpbb mod, named Proxy Revealer
Basically the java applet "phones home" (connects back to the http host serving the applet) via a Socket connection to establish a direct connection, then basically writes a custom HttpRequest string with some parameters passed to it from the php script's HTML, so it looks like:
GET /probe.php?mode=java&ip=initial_external_ip&extra=random_unique_identifier&local=LAN_IP&vendor=java_vendor&version=num&user_agent=browser
which would allow the php script on the host/site to verify the client's IP address, and compare it with the initial IP that requested the page which loaded the applet, as well as Internal LAN IP if user is behind a router/NAT
This allows the php script to unmask & log proxied users for security purposes, in case of spamming/trolling on the forum, in an attempt to thwart the average spammers/trollers at the least.
The applet and the code works as desired and in various browsers, but only on JRE 1.6.0_02 and earlier releases...
It seems ever since JRE 1.6.0_03, this has stopped working when the end-user has HTTP Proxy configured in the browser.
I tested latest JRE as of date, ver 1.6.0_07, with IE6, IE7 & Firefox 2.0.0.15 and 2.0.0.16 and it still exhibits this odd behavior.
This is what appears in Java Console when I try to visit the page serving this applet with an HTTP proxy configured in browser:
java.security.AccessControlException: access denied (java.net.SocketPermission xxx.xxx.xxx.xxx:80 connect,resolve)
xxx.xxx.xxx.xxx is the resolved IP of the server host that is hosting the applet, so basically the same origin....
If I disable the HTTP Proxy configured in the browser, the applet connects back fine. So it only happens when HTTP Proxy is configured in browser..
Is this a new feature or a bug??
Here's the java applet code:
// httpRequestor.java
// Copyright (c) MMVI TerraFrost
// Licensed under the GPL.
import java.applet.*;
import java.net.*;
public class HttpRequestor extends Applet
public void start()
try
String javaVendor = System.getProperty("java.vendor");
String javaVersion = javaVendor.startsWith("Microsoft") ? System.getProperty("java.version") : System.getProperty("java.vm.version");
Socket sock = new Socket(getParameter("domain"), Integer.parseInt(getParameter("port")));
String path = getParameter("path")+"&local="+sock.getLocalAddress().getHostAddress()+
"&vendor="+URLEncoder.encode(javaVendor, "UTF-8")+
"&version="+URLEncoder.encode(javaVersion, "UTF-8")+
"&user_agent="+URLEncoder.encode(getParameter("user_agent"), "UTF-8");
String httpRequest = "GET "+path+" HTTP/1.0\r\nHost: "+getParameter("domain")+"\r\n\r\n";
sock.getOutputStream().write(httpRequest.getBytes());
sock.getInputStream();
catch (Exception e)
e.printStackTrace();
}and the relative portion from the probe.php script loading it:
$java_url = $path_name . "probe.$phpEx?mode=java&ip=$client_ip&extra=$sid,$key";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
</head>
<body>
<applet width="0" height="0" code="HttpRequestor.class" codebase=".">
<param name="domain" value="<?php echo $server_name; ?>">
<param name="port" value="<?php echo $board_config['server_port']; ?>">
<param name="path" value="<?php echo $java_url; ?>">
<param name="user_agent" value="<?php echo htmlspecialchars($HTTP_SERVER_VARS['HTTP_USER_AGENT']); ?>">
</applet>
</body>
</html>A barebone/proof-of-concept demo (also employing a couple other tricks to detect CGI proxies in the same page):
http://www.frostjedi.com/terra/scripts/ip_unmasker.php?mode=utf16
Another similar java applet code (with demo) is found towards the bottom of this page:
http://www.burghardt.pl/2008/05/web-browser-anonymity-threats/
Both of these demos work with JRE versions 1.6.0_02 and older, but fail to work (in both IE & FF) with JRE 1.0.6_03 and newer - up to 1.0.6_07 which is latest as of date
Thanks,
JasmineThought I might elaborate on the details of the bug report I made, perhaps someone needs to add to it or needs to understand the problem better.
Description:
Unsigned applets cannot connect back via Socket to the originating host (from codebase) when a Proxy is configured in user's browser (IE7/IE6//FF3/FF2 tested) and when origin host's IP address doesn't resolve back to the same hostname.
Example:
www.hostingsite.com resolves to 1.2.3.4
but, 1.2.3.4 resolves back to 4.3.2.1-somewebhost.com
Affects JRE versions 1.6.0_03 - 1.6.0_07
This wasn't a problem in 1.6.0_02 or prior versions according to my tests.
An AccessControlException is thrown about SocketPermission:
I believe the security manager is doing unnecessary lookups, even after the resolved IP matches to the IP of the origin host. This is apparent from the fairly long delay before the ACE is thrown about SocketPermission.
Steps to Reproduce:
1. Configure HTTP Proxy in browser (IE/Firefox)
2. visit an html page that embeds a simple applet that tries to connect back to origin host whose hostname resolves to an IP address but the IP address resolves to a different hostname. (example code below)
Expected Result:
Applet should be able to connect back to originating host via Socket connection or write (post) to a URL on origin host (which requires a new Socket connection back)
Actual Result:
Socket sock = new Socket(Proxy.NO_PROXY);
InetSocketAddress sockAddress = new InetSocketAddress(getCodeBase().getHost(), port);
sock.connect(sockAddress);The above snippet of code would throw an ACE about SocketPermission when applet tries to initiate sock.connect
Moreover,
URL urlRequest = new URL(this.getCodeBase()+path);
HttpURLConnection conn = (HttpURLConnection)urlRequest.openConnection(Proxy.NO_PROXY);
conn.getOutputStream();would also throw an ACE about SocketPermission when the applet tries to initiate Socket connection for the conn.getOutputStream() call.
Error Message(s):
java.security.AccessControlException: access denied (java.net.SocketPermission x.x.x.x:80 connect,resolve)
at java.security.AccessControlContext.checkPermission(Unknown Source)
at java.security.AccessController.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkPermission(Unknown Source)
at java.lang.SecurityManager.checkConnect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.connect(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at java.net.Socket.<init>(Unknown Source)
at HttpRequestor.start(HttpRequestor.java:16)
at sun.applet.AppletPanel.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
x.x.x.x being the resolved IP address of the origin server
Source code for an executable test case:
import java.applet.*;
import java.net.*;
public class HttpRequestor extends Applet
public void start()
try
Socket sock = new Socket(Proxy.NO_PROXY);
InetSocketAddress sockAddress = new InetSocketAddress(getCodeBase().getHost(), Integer.parseInt(getParameter("port")));
sock.connect(sockAddress);
String path = getParameter("path")+"&local="+sock.getLocalAddress().getHostAddress();
String httpRequest = "GET "+path+" HTTP/1.0\r\nHost: "+getCodeBase().getHost()+"\r\n\r\n";
sock.getOutputStream().write(httpRequest.getBytes());
sock.getInputStream();
catch (Exception e)
e.printStackTrace();
Workaround:
The only possible workaround I could find is if the the applet can be loaded from IP-address in the codebase URL to avoid the unnecessary lookups by the SecurityManger.
This, however, maybe very difficult to use in most virtual-hosting environment, and IE browsers older than IE7 would most likely throw an error like "Class not found".
Example, if www.hostingsite.com resolves to 1.2.3.4
and http://1.2.3.4 goes to http://www.hostingsite.com
Change the codebase URL in the html embedding the applet, from:
"http://www.hostingsite.com/classes"
to:
"http://1.2.3.4/classes"
I also forgot to mention in my bug report that this would also be quite a big problem in server farms, where the origin-hostname resolves to multiple IP addressses and when those IP addresses do not all resolve back to the same hostname. -
Java & security/Privacy Problem
Hello
wonder if you could help or give advice
(An idiots answer for a idiot like me is prefered)
when using a fully Anonymous proxy even with
(Cookie via java script:;Private )
web Browser and sun java shows your real IP in java ip
fetch scripts and makes direct connect to your private box
{For Example:}
http://www.rental-web.com/~azuma/cgi-bin/env.cgi
yet Internet Explorer and MS-Java with the same webpage and
the same proxy loads the applet but blocks the ip fetch
and just shows "UnKnown" in the java applet
is there anyway of altering the sun java install to give
the same security/privacy ?
Hope You can help as i would like use sun java
but this one small thing is putting me off as my firewall probes
with scripted webpages is annoying
Thanks
DigOr can i maybe edit the sun java install so all java
traffic is forced via the proxy ?
instead of it being able to circumnavigate the proxy
as it is now
pointless trying to secure your box if the backdoor
is left open -
ACE and the app_offline.htm ASP File
We are using the app_offline.htm file to take servers down for maintainence. I know we can manually take the RSERVER out of service, but the actuall objective is to keep the server up, and let the ASP page return the message to user.
So the app_offline.htm file causes IIS to shut down the website and only return the content of the app_offline.htm.
Here is a blog post I found about the app_offline.htm file.
http://weblogs.asp.net/scottgu/archive/2005/10/06/426755.aspx
Is there some way the ACE can handle this error better?so here is a copy of the TCL Script I wrote, now I need to add HTTP functionality to it...
any ideas...
#!name = HTTP_PROBE_SCRIPT
# Description :
# This script checks 3 user defined URLS.
# Should any one of the 3 reture a http code 200-203, or 300-303
# the ACE will put the RSERVER into an operational STATE
# Pamapaters :
# The first URL to check
# The second URL to check
# The third URL to check
# file type expected e.g text
# [debug] optional debug flag
# Example config :
# probe httpProbe script
# script HTTP_PROBE_SCRIPT ping1.htm ping2.htm ping3.htm html 0
# Version 0.01B
# Copyright (c) 2012 by CUST NAME
# debug procedure
# set the EXIT_MSG environment varaible to help debug
# also print the debug message when debug flag is on
proc set_exit_msg { msg } {
global debug ip port EXIT_MSG
set EXIT_MSG $msg
if { [ info exists ip ] && [ info exists port ] } {
set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
if { [ info exists debug ] && $debug } {
puts $EXIT_MSG
proc http_probe { ip port Header FileType debug } {
if { $debug == "" } {
set debug 0
set rc [catch {set sock [ socket $ip $port ]} ]
fconfigure $sock -buffering none -eofchar {}
if {$rc == 0} \
set_exit_msg "SOCKET OPEN"
fconfigure $sock -buffering none -eofchar {}
# send http requeset to server
set_exit_msg "sending request : $Header"
puts -nonewline $sock "$Header\n\n"
flush $sock
# read string back from server
set_exit_msg "receiving response"
set lines [ read $sock ]
# close connection
set_exit_msg "closing socket"
close $sock
return $lines
} else {
set_exit_msg "probe fail : can't find status code"
exit 30002
# This is the last line in the proc http_probe
# main
# parse cmd line args and initialize variables
set_exit_msg "initializing varaible"
if { $argc < 4 } {
set_exit_msg "[ info script ] parameters : "
exit 30002
### Vars change to test script locally
set ip $scriptprobe_env(realIP)
set port $scriptprobe_env(realPort)
# if port is zero the use well known http port 80
if { $port == 0} {
set port 80
#set requestHeader [ lindex $argv 0 ]
set url1 [ lindex $argv 0 ]
set url2 [ lindex $argv 1 ]
set url3 [ lindex $argv 2 ]
set expectFileType [ lindex $argv 3 ]
set debug [ lindex $argv 4 ]
set test_num 1
set url $url1
set requestHeader "GET /$url1 HTTP/1.0"
puts "starting to run program\n"
puts "$requestHeader \n"
set url1_lines [http_probe $ip $port $requestHeader $expectFileType $debug ]
# parsing http response to decide if probe success or failed
# all the following condition casing probe faile. should return exit 30002
puts "test$test_num\n - TESTING $url"
incr test_num 1
if { ![ regexp -nocase "^HTTP/1\.\[0-9\] (\[0-9\]\[0-9\]\[0-9\])" $url1_lines match url1_statuscode ] } {
puts "probe fail : can't find status code"
exit 30002
} elseif { ![ regexp {(20[0-3])|(30[0-3])} $url1_statuscode ]} {
puts "test$test_num - $url $url1_statuscode\n"
incr test_num 1
set_exit_msg "$url probe fail : status code is $url1_statuscode"
set url "$url2"
set requestHeader "GET /$url HTTP/1.0"
set url_lines [http_probe $ip $port $requestHeader $expectFileType $debug ]
if { ![ regexp -nocase "^HTTP/1\.\[0-9\] (\[0-9\]\[0-9\]\[0-9\])" $url_lines match url_statuscode ] } {
set_exit_msg "probe fail : can't find status code"
exit 30002
} elseif { ![ regexp {(20[0-3])|(30[0-3])} $url_statuscode ]} {
incr test_num 1
# "url fail - try next URL
set_exit_msg "$url probe fail : status code is $url_statuscode"
unset url_statuscode
unset url_lines
# START 2ND DETAIL PROBE
set url "$url3"
set requestHeader "GET /$url HTTP/1.0"
set url_lines [http_probe $ip $port $requestHeader $expectFileType $debug ]
if { ![ regexp -nocase "^HTTP/1\.\[0-9\] (\[0-9\]\[0-9\]\[0-9\])" $url_lines match url_statuscode ] } {
set_exit_msg "probe fail : can't find status code"
exit 30002
} elseif { ![ regexp {(20[0-3])|(30[0-3])} $url_statuscode ]} {
# "test$test_num - $url $url_statuscode\n"
set_exit_msg "$url fail - THIS IS THE END"
exit 30002
} else {
set_exit_msg "test$test_num - $url $url_statuscode\n"
incr test_num 1
# Everything went fine. probe exit with success exit_code 30001
puts "probe to $url passed\n"
exit 30001
# End of double nested test
} else {
incr test_num 1
# Everything went fine. probe exit with success exit_code 30001
set_exit_msg "probe to $url passed\n"
exit 30001
} else {
# Everything went fine. probe exit with success exit_code 30001
puts "probe to $url passed\n"
exit 30001 -
Issue with Scripted Probe for LDAP
I have the script LDAP_PROBE loaded into memory on my ACE 4710 (A4(2.0)) and th Probe is name is configured for the LDAP port the servers are listening on. So here is th econfiguration.
probe scripted LDAP_PROBE_3389
port 3389
interval 5
passdetect interval 5
passdetect count 2
receive 5
script LDAP_PROBE 3389
I have tried removing the argument of 3389 at the bottom as well but I continue to get the result:
real : LDAP02[3389]
10.220.31.81 3389 PROBE 2491 2491 0 FAILED
Socket state : RESET
No. Passed states : 0 No. Failed states : 1
No. Probes skipped : 0 Last status code : 30002
No. Out of Sockets : 0 No. Internal error: 0
Last disconnect err : Probe error: Server did not respond as expected
Last probe time : Thu Jul 12 16:24:41 2012
Last fail time : Thu Jul 12 12:56:59 2012
Last active time : Never
The server log states this was successful however...
Admin Acct Status: Not Locked
AuditV3--2012-07-11-14:18:21.428+00:00DST--V3 anonymous Bind--bindDN: <*CN=NULLDN*>--client: 10.220.31.217:56908--connectionID: 8--received: 2012-07-11-14:18:21.428+00:00DST--Success
name: <*CN=NULLDN*>
authenticationChoice: simple
Admin Acct Status: Not Locked
Am I missing an argument? I have run debug on LDAP but really don't know what I am looking at...To update the script
==============
Extract the Cisco-supplied LDAP script from the tar.gz or zip file. Rename it to something unique. Update it to use the
new length and offset.
Import the script into the LDAP contexts on both ACEs. Remember, scripts are not replicated and having mismatched scripts will cause replication to fail.
ACE1/ldap# copy tftp: disk0:
Enter source filename[]? UoN-LDAP_PROBE-iLDAP2
Enter the destination filename[]? [UoN-LDAP_PROBE-iLDAP2]
Address of remote host[]? [redacted]
Trying to connect to tftp server......
TFTP get operation was successful
ACE2/ldap# copy tftp: disk0:
Enter source filename[]? UoN-LDAP_PROBE-iLDAP2
Enter the destination filename[]? [UoN-LDAP_PROBE-iLDAP2]
Address of remote host[]? [redacted]
Trying to connect to tftp server......
TFTP get operation was successful
script file 13 UoN-LDAP_PROBE-iLDAP2
If you look at (for example) packet 651 in the capture in wireshark you'll see a
successful bind response. You will need to tell wireshark to decode the packet as LDAP.
The payload is:
30 84 00 00 00 10 02 01 01 61 84 00 00 00 07 0a 01 00 04 00 04 00
You need to have a basic understanding of ASN.1 and something called Basic Encoding Rules (BER) - whicj comes down to TLV format structures.
The key to understanding this output is that there are three ways of specifying a length in ASN.1. The first way we have already seen in the Cisco script is to use a single byte. This known as the "definite" form and can be used for lengths of 127 bytes or less. Otherwise if the high bit is set to one, the low seven bits define the length of length. The length is then encoded in that many bytes. This is the "length of the length field" form. It looks like Microsoft Active Directory uses the indefinite form for all length encoding. The third form (for completeness is "indefinite" where the length is coded as x'80' and the end of the content is marked by x'0000'. Deconstructing the data:
0x30 The start of a universal constructed sequence
0x84 The length of the sequence in "length of the length" format. The next 4 bytes give the length.
0x00000010 sequence length of 16 bytes
0x02 Integer
0x01 The length of the next field (1 byte)
0x01 Value (this is the message ID which agrees with the ID in the BIND Request)
0x61 Application, number 0, use RFC2251 to decode. This is a Bind Response
0x84 The length of the sequence in "length of the length" format. The next 4 bytes give the length.
0x00000007 bind response length of 7 bytes
0x0a Enumeration
0x01 Length 1
0x03 0 - Success
0x04 String
0x00 Length 0 (null string)
0x04 String
0x00 Length 0 (null string)
The patch given takes in 20 bytes from the bitstream,converts it into a hexadecimal string and finds the 6 hexadecimal characters from the 16th byte onwards (Tcl uses zero-based arrays). This is the response code.
Kind Regards
Cathy -
Scripted LDAP Probe w/username and password
I have a scripted LDAP rpobe currently in use. It uses the anonymous bind authentication to work and it works just fine. However they want to go to a username and password instead for security reasons. So I used the script that was previously supplied on this forum to create the HEX. See below:
$username = "uid=XXXXXX,cn=support,dc=enterprise,dc=com";
$password = "XXXXX";
$len_username = length($username);
$xlen_username = sprintf("%02x", $len_username); $len_password = length($password); $xlen_password = sprintf("%02x", $len_password);
$username =~s/(.)/sprintf("%x",ord($1))/eg; $password =~s/(.)/sprintf("%x",ord($1))/eg;
$temp = "020103" . "04" . $xlen_username . $username . "80" . $xlen_password . $password; $tlen = length($temp) / 2; $xtlen = sprintf("%02x",$tlen);
$temp = "020101" . "60" . $xtlen . $temp;
$tlen = length($temp) / 2;
$xtlen = sprintf("%02x",$tlen);
$temp = "30" . $xtlen . $temp;
print $temp . "\n";
I get this result in HEX, (last 6 characters are changed )
303e0201016039020103042b7569643d214c4242494e442c636e3d737570706f72742c64633d656e74657270726973652c64633d636f6d800742316e64XXXXXX
I added them to the Probe script here:
ace_debug "sending ldap bind request"
puts -nonewline $sock [ binary format "H*" NEW HEX STRING ]
flush $sock
However this doesn't work, am I putting this new HEX string in the proper place or does everything look right?Robert-
The string length maximum is 127 characters, you ended up with 128 somehow. The string you send is specific to a few things, like the server type, how the array is created, etc. You should check out this thread: https://supportforums.cisco.com/message/3613048#3613048 It has some decent information on it.
Chris -
ACE TCL Script Probe for Websphere MQ
Have anyone written a TCL script to probe MQ from the ACE? Our app guys are saying that a Layer 4 probe (TCP port check) is generating errors in the QManager logs because there is no data exchange, just TCP connection setup, then tear-down.
Thought I would check here to see if anyone has written a TCL Script for this before or has any other suggestions.
Thanks!Hi,
What do you need to check exactly on the server? will be an specific uri?
Cesar R
ANS Team -
Simultaneous tcl script probes on csm-s
Hi there,
is there anybody who kows how many simultaneous tcl script probes can run on the csm-s ?
I know that i can only open 255 simultaneous sockets. when i have one connection(open socket) per script, there should be only 255 probes that can be run Simultaneously.
is that right ?
Thanks a lott.
Bye Dirkgdufour-cat6k1#show mod csm 5 tech probe
Software version: 4.1(5)
------------------ Health Monitor Statistics -----------------
Probe templates: 0
Suspects created: 0
Open Sockets in System : 8 / 240
Active Suspect(no ICMP): 0 / 200
Active Script Suspect : 0 / 50
Num events : 0
This command gives you how many socket/script task are running and the limit.
So, only 50 scripts.
Gilles. -
Hi,
I have two questions about TCP scripts on ACE :
1. TCP source code
How can I browse the TCL source code of predefined probe scripts on the ACE (for instance HTTPCONTENT_PROBE) '
2. Script parameters
How do I retrieve in the TCL script the parameters passed to the script in the command < script script_name [script_arguments] > ?
Thank you,
YvesYves,
you can download all the scripts from the download software page.
http://tools.cisco.com/support/downloads/go/ImageList.x?relVer=A2%283.2%29&mdfid=280557289&sftType=Application+Control+Software+Scripts&optPlat=&nodecount=2&edesignator=null&modelName=Cisco+ACE+Application+Control+Engine+Module&treeMdfId=268437639&treeName=Application+Networking+Services&modifmdfid=null&imname=&hybrid=Y&imst=N&lr=Y
# Copyright (c) 2005-2008 by Cisco Systems, Inc.
# debug procedure
# set the EXIT_MSG environment variable to help debug
# also print the debug message when debug flag is on
proc set_exit_msg { msg } {
global debug ip port EXIT_MSG
set EXIT_MSG $msg
if { [ info exists ip ] && [ info exists port ] } {
set EXIT_MSG "[ info script ]:$ip:$port: $EXIT_MSG "
if { [ info exists debug ] && $debug } {
puts $EXIT_MSG
# main
# Parse cmd line args and initialize variables
set_exit_msg "initializing variable"
if { $argc < 2 } {
set_exit_msg "[ info script ] parameters :
exit 30002
set ip $scriptprobe_env(realIP)
set port $scriptprobe_env(realPort)
# If port is zero then use well known HTTP port 80
if { $port == 0} {
set port 80
set requestHeader [ lindex $argv 0 ]
set expectFileType [ lindex $argv 1 ]
set debug [ lindex $argv 2 ]
if { $debug == "" } {
set debug 0
# Open connection
set_exit_msg "opening socket"
set sock [ socket $ip $port ]
# Send HTTP request to server
set_exit_msg "sending request : $requestHeader"
puts -nonewline $sock "$requestHeader\n\n"
flush $sock
# Read string back from server
set_exit_msg "receiving response"
set lines [ read $sock ]
# Close connection
set_exit_msg "closing socket"
close $sock
# Parse the HTTP response
# All the following conditions cause probe failure, returning exit code 30002
# Unable to recognize the HTTP response
if { ![ regexp -nocase "^HTTP/1\.\[0-9\] (\[0-9\]\[0-9\]\[0-9\])" $lines match s
tatuscode ] } {
set_exit_msg "probe fail : can't find status code"
exit 30002
# HTTP response is not 200 OK
if { $statuscode != "200" } {
set_exit_msg "probe fail : status code is $statuscode"
exit 30002
# Unable to find Content-type header
if { ![ regexp -nocase "Content-Type *:(.*)\n" $lines match foundContentType]
set_exit_msg "probe fail : can't find \'Content-Type\' header"
exit 30002
# Content-type value does not contain the requested string
if { ![ regexp "$expectFileType" $foundContentType] } {
set_exit_msg "probe fail : expect content-type \'$expectFileType\', but got
\'$foundContentType\'"
exit 30002
# Indicate probe success with exit code 30001
set_exit_msg "probe success"
exit 30001 -
Script on ACE to do a packet capture during probe failure
Hi All,
I'm working on troubleshooting Intermittent application access. probe was getting failed intermittently.
Is it possible to run any script on ACE which will do the packet capture only if the probe failed to an application?
Regards,
ThiyaguThiyagu,
The ACE was not designed to run captures( at least not at high level as a NAM for example) then the traces which we can take in the ACE does not capture neither probe traffic nor management traffc only load balancing traffic.
TAC does not support customized scripts.
If you need to check how the probes are behaving then you may need to run a simultaneous capture on the client PC and the server itself or if you have an ACE module then you can run a 10giga capture.
Jorge
Maybe you are looking for
-
Can one computer have 2 apple IDs?
My question is simple. My family all uses one Apple ID based on my husbands email address for all our purchases and it works fine in our family. Over the years as we updated computers however, about one third of our songs became deauthorized on the c
-
Macbook pro 17 external display.Amazing machine had it for 2 days n Love it
hay a quick question ive got a new unibody macbook pro 17 (its amazing i love this beast) and a Samsung external display which is a 24inch and im having trouble sorting out the size and resolution with the computer and the display as the laptop think
-
Is this a bug in Java for number format ?
Hi, I found somethings strange when I trying to use NumberFormat. Here are the sample code: --- Sample Code start --- import java.text.*; public class TestNF { public static void main(String[] args) { double num1 = 10.5; double num2 = 10.55; NumberFo
-
Can you share one apple id between mutiple devices ?
can you share one apple id between mutiple devices ?
-
I have a Microsoft access database which holds information about several different people for each person there are several records each for a different week using week numbers (from 1 first week january to 52). I need to extract the last record for