Enabling Authentication HTTP and HTTPs Health Monitor
Overview
This guide explains the NTLM and Basic authentication support for HTTP and HTTPS health monitor.
Enabling NTLM Authentication in HTTP(S) Health Monitor
Configuration Steps for HTTPS Health Monitor with NTLM Authentication
The following are the steps to create a new HTTPS monitor for POST method with NLM authentication enabled:
[admin:ctrl2]: > configure healthmonitor NTLM-POST
[admin:ctrl2]: healthmonitor> type health_monitor_https
[admin:ctrl2]: healthmonitor> https_monitor
[admin:ctrl2]: healthmonitor:https_monitor> http_request "POST /EWS/Exchange.asmx HTTP/1.1\r\nContent-Typ
e: text/xml; charset=utf-8 "
[admin:ctrl2]: healthmonitor:https_monitor> http_request_body "[?xml version=\"1.0\" encoding=\"UTF-8\"?]
[soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:t=\"http://schemas.microsoft.com/e
xchange/services/2006/types\" xmlns:m=\"http://schemas.microsoft.com/exchange/services/2006/messages\"][soap:Hea
der][/soap:Header][soap:Body][GetFolder xmlns=\"http://schemas.microsoft.com/exchange/services/2006/messages\"][
FolderShape][t:BaseShape>IdOnly[/t:BaseShape][/FolderShape][FolderIds][t:DistinguishedFolderId Id=\"inbox\"][t:M
ailbox][t:EmailAddress][/t:EmailAddress][/t:Mailbox][/t:DistinguishedFolderId][/FolderIds][/GetFolder][/soap:Body][/soap:Envelope]"
[admin:ctrl2]: healthmonitor:https_monitor> http_response "GetFolderResponseMessage ResponseClass=\"Success\""
[admin:ctrl2]: healthmonitor:https_monitor> http_response_code http_2xx
[admin:ctrl2]: healthmonitor:https_monitor> auth_type auth_ntlm
[admin:ctrl2]: healthmonitor:https_monitor> ssl_attributes
[admin:ctrl2]: healthmonitor:https_monitor:ssl_attributes> ssl_profile_ref System-Standard
[admin:ctrl2]: healthmonitor:https_monitor:ssl_attributes> save
[admin:ctrl2]: healthmonitor:https_monitor> save
[admin:ctrl2]: healthmonitor> authentication
[admin:ctrl2]: healthmonitor:authentication> username aviuser
[admin:ctrl2]: healthmonitor:authentication> password aviuserpassword
[admin:ctrl2]: healthmonitor:authentication> save
[admin:ctrl2]: healthmonitor> save
+-------------------------+--------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------------------------+--------------------------------------------------------------------------------------------------------------------------+
| uuid | healthmonitor-b8b7cd94-7076-4a55-a90a-77d6e768f4b1 |
| name | NTLM |
| send_interval | 10 sec |
| receive_timeout | 4 sec |
| successful_checks | 2 |
| failed_checks | 2 |
| type | HEALTH_MONITOR_HTTPS |
| https_monitor | |
| http_request | POST /EWS/Exchange.asmx HTTP/1.1 |
| | Content-Type: text/xml; charset=utf-8 |
| http_response_code[1] | HTTP_2XX |
| http_response | GetFolderResponseMessage ResponseClass="Success" |
| ssl_attributes | |
| ssl_profile_ref | System-Standard |
| exact_http_request | False |
| auth_type | AUTH_NTLM |
| http_request_body | <?xml version="1.0" encoding="UTF-8"?>< |
| | soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" |
| | xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" |
| | xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages"> |
| | <soap:Header><soap:Header><soap:Body> |
| | <GetFolder xmlns="http://schemas.microsoft.com/exchange/services/2006/messages"> |
| | <FolderShape><t:BaseShape>IdOnly</t:BaseShape> |
| | </FolderShape><FolderIds> |
| | <t:DistinguishedFolderId Id="inbox"> <t:Mailbox> |
| | <t:EmailAddress></t:EmailAddress> </t:Mailbox> |
| | </t:DistinguishedFolderId><</FolderIds> |
| | </GetFolder></soap:Body></soap:Envelope> |
| authentication | |
| username | <sensitive> |
| password | <sensitive> |
| is_federated | False |
| tenant_ref | admin |
+-------------------------+--------------------------------------------------------------------------------------------------------------------------+
Note: You can configure NTLM authentication for GET method, and HTTP health monitor in a similar way.
Enabling Basic Authentication in HTTP(S) Health Monitor
Starting with Avi Vantage version 20.1.1, the HTTP(S) health monitor supports the authentication type by providing basic information like username, and password.
Configuring Health Monitor with Basic Authentication
You can configure Basic authentication for GET and POST methods by providing Basic information like username and password.
The following is the configuration example for Basic authentication for GET method on HTTP health monitor:
[admin:ctrl2]: > configure healthmonitor HTTP-Basic-Authentication
[admin:ctrl2]: healthmonitor> type health_monitor_http
[admin:ctrl2]: healthmonitor> http_monitor
[admin:ctrl2]: healthmonitor:http_monitor> auth_type auth_basic
[admin:ctrl2]: healthmonitor:http_monitor> save
[admin:ctrl2]: healthmonitor> authentication
[admin:ctrl2]: healthmonitor:authentication> username aviuser
[admin:ctrl2]: healthmonitor:authentication> password aviuser
[admin:ctrl2]: healthmonitor:authentication> save
[admin:ctrl2]: healthmonitor> save
You can configure Basic authentication for POST method, or enable basic auth in HTTPS health monitor in a similar way.
Notes:
-
Enabling authentication is available for HTTP and HTTPs monitors only.
-
You cannot configure
exact_http_request
for HTTP(S) health monitors using NTLM authentication.