[f-nsp] configuring port groups for health checks
Matt Stockdale
mstockda at logicworks.net
Fri Aug 19 19:29:50 EDT 2005
As is usually the case, posting to the list causes a flash of insight.
Can I define an external health check (per server, I suppose) that does
the layer 7 content matching, and then apply it to port ssl?
Will this cause it to mark port 443 as failed if the healthcheck fails
on port 80?
i.e,
healthck rs1-http tcp
dest-ip 10.0.1.11
port http
proto http url "GET /healthcheck.asp"
proto http status-code 200 200
proto http content-match health1
healthck rs2-http tcp
dest-ip 10.0.1.12
port http
proto http url "GET /healthcheck.asp"
proto http status-code 200 200
proto http content-match health1
server real rs1 10.0.1.11
port http
port http healthck rs1-http
port ssl
port ssl healthck rs1-http
server real rs1 10.0.1.12
port http
port http healthck rs2-http
port ssl
port ssl healthck rs2-http
server virtual vs1 10.0.1.10
port http
port ssl
bind http rs1 http rs2 http
bind ssl rs1 ssl rs2 ssl
http match-list health1
default down
up simple everythingsaok
On Fri, 2005-08-19 at 19:21, Matt Stockdale wrote:
> I've checked the archives briefly, and I've been staring at the docs for
> a while, but it's friday and my brain is frazzled. I'm hoping someone
> can take pity on me and answer this -
>
> Can I configure a real server to mark all ports as failed if any one of
> them fails? I've been looking at the port groups, but those seem to be
> more for sticky..
>
> (Specifically, the code we are running on one of our old XL's doesn't
> allow us to do in depth health checks on port 443, I want it to fail
> that port if the content-matching on port 80 fails. I'll upgrade if I
> have to, but it will affect many customers, and I'd rather avoid it)
>
> Thanks in advance,
> Matt
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
>
More information about the foundry-nsp
mailing list