Re: CSM HTTPS or SSL Health Probe

qixie · ‎06-27-2006

We are currently using TCP probe for HTTPS webServer health checking. Is there a HTTPS or SSL probe available on CSM to send a url to detect if the HTTPS Apache WebServer is up or not?

Many Thx, Q.Xie

Gilles Dufour · ‎06-27-2006

no, there is not such option because the CSM does not have the capability to do encryption/decryption.

The CSS does have this option if you have the SSL module.

Gilles.

qixie · ‎06-28-2006

Gilles, Thx for quick reply.

We do have SSL Module combined with CSM. Can we do something in this case? I heard that, there is a SSL probe script(TCL) available which can be used for SSL probe. Are you aware of it?

Q.Xie

Gilles Dufour · ‎06-28-2006

You can download the TCL script file from the same locstion as the CSM software.

In this TCL file you should find the following scripts

[root@linux-1 cisco]# cat /tftpboot/c6slb-apc.4-2-1.tcl | grep -i "name ="

#!name = CHECKPORT_STD_SCRIPT

#!name = ECHO_PROBE_SCRIPT

#!name = FINGER_PROBE_SCRIPT

#!name = FTP_PROBE_SCRIPT

#!name = HTTPCONTENT_PROBE

#!name = HTTPHEADER_PROBE

#!name = HTTPPROXY_PROBE

#!name = HTTP_PROBE_SCRIPT

#!name = IMAP_PROBE

#!name = LDAP_PROBE

#!name = MAIL_PROBE

#!name = POP3_PROBE

#!name = PROBENOTICE_PROBE

#!name = RTSP_PROBE

#!name = SSL_PROBE_SCRIPT

#!name = TFTP_PROBE

There is a SSL_PROBE_SCRIPT that will verify that the SSL server respond to a client SSL HELLO message.

It does not verify if you can send an HTTP request.

It only sends a HELLO as a client and wait for the server HELLO.

With the SSLM for the CSM, there might be a way to achieve HTTPS probe.

I never tried it, but the solution I see would be to create an HTTP probe on the CSM and direct to the SSLM which will do the encryption and forward it to the server.

Regards,

Gilles

qixie · ‎07-24-2006

Thanks Gilles. I like the idea to send a HTTP probe to HTTPS via SSLM. Will try that. Q.Xie