[f-nsp] Quick questions about healthcks

Chase Bolt cbolt at datinggold.com
Tue Dec 16 12:40:43 EST 2008


You need to use protocol ssl use-complete.

"if you use the protocol ssl use-complete command in a health check policy,
it causes the ServerIron to negotiate an SSL connection and send a GET or
HEAD request to the server."


healthck srvr10-ssl tcp
  dest-ip 192.168.20.11
  port ssl
  protocol ssl
  protocol ssl url "GET /files/pixel.gif"
  protocol ssl use-complete
  l7-check

-----Original Message-----
From: foundry-nsp-bounces at puck.nether.net
[mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Drew Weaver
Sent: Tuesday, December 16, 2008 9:27 AM
To: Drew Weaver; 'Jared Valentine'
Cc: 'foundry-nsp at puck.nether.net'
Subject: Re: [f-nsp] Quick questions about healthcks

Spoke too soon, I thought I had resolved this but I guess I didn't.

I'm testing to see if a file exists over SSL, the healthck looks like:

healthck srvr10-ssl tcp
  dest-ip 192.168.20.11
  port ssl
  protocol ssl
  protocol ssl url "GET /files/pixel.gif"
  l7-check

When I browse https://192.168.20.11 I first get a warning that the SSL
certificate is invalid, and then when I click 'accept anyway, etc' it gives
me a 404.

Should I be using the URL which has the correct certificate (DNS name?) to
test this?

Thanks,
-Drew

-----Original Message-----
From: foundry-nsp-bounces at puck.nether.net
[mailto:foundry-nsp-bounces at puck.nether.net] On Behalf Of Drew Weaver
Sent: Tuesday, December 16, 2008 11:48 AM
To: 'Jared Valentine'
Cc: 'foundry-nsp at puck.nether.net'
Subject: Re: [f-nsp] Quick questions about healthcks

I have already resolved this ;-) it was an instance of the server presenting
a 404 when I checked it but then being fixed shortly after.

Thanks,
-Drew

-----Original Message-----
From: Jared Valentine [mailto:hidden at xmission.com] 
Sent: Tuesday, December 16, 2008 11:47 AM
To: Drew Weaver
Cc: foundry-nsp at puck.nether.net
Subject: Re: [f-nsp] Quick questions about healthcks

Do you have "port http keepalive" enabled under the real as well?

Jared Valentine


On Dec 16, 2008, at 8:24 AM, Drew Weaver <drew.weaver at thenap.com> wrote:

> Hi,
>
>
>
> Is there any way to make a healthck fail on a 404? For some reason  
> even though the server is returning a 404 the healthck is still  
> passing.
>
>
>
> Thanks,
>
> -Drew
>
>
>
> _______________________________________________
> foundry-nsp mailing list
> foundry-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/foundry-nsp
_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp
_______________________________________________
foundry-nsp mailing list
foundry-nsp at puck.nether.net
http://puck.nether.net/mailman/listinfo/foundry-nsp




More information about the foundry-nsp mailing list