Enabling Authentication HTTP and HTTPs Health Monitor

Overview

This guide explains the NTLM and Basic authentication support for HTTP and HTTPS health monitor.

Enabling NTLM Authentication in HTTP(S) Health Monitor

Configuration Steps for HTTPS Health Monitor with NTLM Authentication

The following are the steps to create a new HTTPS monitor for POST method with NLM authentication enabled:


[admin:ctrl2]: > configure healthmonitor NTLM-POST

[admin:ctrl2]: healthmonitor> type health_monitor_https
[admin:ctrl2]: healthmonitor> https_monitor
[admin:ctrl2]: healthmonitor:https_monitor> http_request "POST /EWS/Exchange.asmx HTTP/1.1\r\nContent-Typ
e: text/xml; charset=utf-8 "
[admin:ctrl2]: healthmonitor:https_monitor> http_request_body "[?xml version=\"1.0\" encoding=\"UTF-8\"?]
[soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\" xmlns:t=\"http://schemas.microsoft.com/e
xchange/services/2006/types\" xmlns:m=\"http://schemas.microsoft.com/exchange/services/2006/messages\"][soap:Hea
der][/soap:Header][soap:Body][GetFolder xmlns=\"http://schemas.microsoft.com/exchange/services/2006/messages\"][
FolderShape][t:BaseShape>IdOnly[/t:BaseShape][/FolderShape][FolderIds][t:DistinguishedFolderId Id=\"inbox\"][t:M
ailbox][t:EmailAddress][/t:EmailAddress][/t:Mailbox][/t:DistinguishedFolderId][/FolderIds][/GetFolder][/soap:Body][/soap:Envelope]"

[admin:ctrl2]: healthmonitor:https_monitor> http_response "GetFolderResponseMessage ResponseClass=\"Success\""

[admin:ctrl2]: healthmonitor:https_monitor> http_response_code http_2xx
[admin:ctrl2]: healthmonitor:https_monitor> auth_type auth_ntlm
[admin:ctrl2]: healthmonitor:https_monitor> ssl_attributes 
[admin:ctrl2]: healthmonitor:https_monitor:ssl_attributes> ssl_profile_ref System-Standard  
[admin:ctrl2]: healthmonitor:https_monitor:ssl_attributes> save 
[admin:ctrl2]: healthmonitor:https_monitor> save
[admin:ctrl2]: healthmonitor> authentication
[admin:ctrl2]: healthmonitor:authentication> username aviuser
[admin:ctrl2]: healthmonitor:authentication> password aviuserpassword
[admin:ctrl2]: healthmonitor:authentication> save
[admin:ctrl2]: healthmonitor> save

+-------------------------+--------------------------------------------------------------------------------------------------------------------------+ 
|  Field                  | Value                             											    								         |
+-------------------------+--------------------------------------------------------------------------------------------------------------------------+
| uuid                    | healthmonitor-b8b7cd94-7076-4a55-a90a-77d6e768f4b1        				   										         |
| name                    | NTLM                             											 									         |
| send_interval           | 10 sec                            											 									         |
| receive_timeout         | 4 sec                            											 									         |
| successful_checks       | 2                                											 									         |
| failed_checks           | 2                                 											 									         |
| type                    | HEALTH_MONITOR_HTTPS           											     									         |
| https_monitor           |                                   											 									         |
|   http_request          | POST /EWS/Exchange.asmx HTTP/1.1  											 									         |
|                         | Content-Type: text/xml; charset=utf-8                                        									         |
|   http_response_code[1] | HTTP_2XX                           											 									         |
|   http_response         | GetFolderResponseMessage ResponseClass="Success"                             									         |
|   ssl_attributes        |                                    											 									         | 
|     ssl_profile_ref     | System-Standard                                                              									         | 
|   exact_http_request    | False                                                                        									         | 
|   auth_type             | AUTH_NTLM                                                                    									         | 
|   http_request_body     | <?xml version="1.0" encoding="UTF-8"?><																         |
|						  |	soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" 											         |
|						  |	xmlns:t="http://schemas.microsoft.com/exchange/services/2006/types" 											         |
|						  |	xmlns:m="http://schemas.microsoft.com/exchange/services/2006/messages">										         |
|						  |	<soap:Header><soap:Header><soap:Body>															         |
|						  |	<GetFolder xmlns="http://schemas.microsoft.com/exchange/services/2006/messages">								     |
|						  |	<FolderShape><t:BaseShape>IdOnly</t:BaseShape>												         |
|						  |	</FolderShape><FolderIds>																			         |
|						  |	<t:DistinguishedFolderId Id="inbox"> <t:Mailbox>													         |
|						  |	<t:EmailAddress></t:EmailAddress> </t:Mailbox>												         |
|						  |	</t:DistinguishedFolderId><</FolderIds>																         |
|						  |	</GetFolder></soap:Body></soap:Envelope> 														         | 
| authentication          |                                                                                 								         | 
|   username              | <sensitive>                                                              								             | 
|   password              | <sensitive>                                                               								         | 
| is_federated            | False                                                                           								         | 
| tenant_ref              | admin                                                                           								         | 
+-------------------------+--------------------------------------------------------------------------------------------------------------------------+

Note: You can configure NTLM authentication for GET method, and HTTP health monitor in a similar way.

Enabling Basic Authentication in HTTP(S) Health Monitor

Starting with Avi Vantage version 20.1.1, the HTTP(S) health monitor supports the authentication type by providing basic information like username, and password.

Configuring Health Monitor with Basic Authentication

You can configure Basic authentication for GET and POST methods by providing Basic information like username and password.

The following is the configuration example for Basic authentication for GET method on HTTP health monitor:


[admin:ctrl2]: > configure healthmonitor HTTP-Basic-Authentication

[admin:ctrl2]: healthmonitor> type health_monitor_http
[admin:ctrl2]: healthmonitor> http_monitor
[admin:ctrl2]: healthmonitor:http_monitor> auth_type auth_basic
[admin:ctrl2]: healthmonitor:http_monitor> save
[admin:ctrl2]: healthmonitor> authentication
[admin:ctrl2]: healthmonitor:authentication> username aviuser
[admin:ctrl2]: healthmonitor:authentication> password aviuser
[admin:ctrl2]: healthmonitor:authentication> save
[admin:ctrl2]: healthmonitor> save

You can configure Basic authentication for POST method, or enable basic auth in HTTPS health monitor in a similar way.

Notes:

  • Enabling authentication is available for HTTP and HTTPs monitors only.

  • You cannot configure exact_http_request for HTTP(S) health monitors using NTLM authentication.

Basic Authentication in Health Monitor

The following are the basic authentication options:

  • You cannot configure exact_http_request for HTTP(S) health monitors using BASIC authentication.

  • To use exact_http_request for HTTP(S) health monitors using basic authentication, you must provide authorization basic header in the request, with credentials as user-id:password pairs, encoded using Base64.

Example:


GET / HTTP/1.1
Host: 10.79.168.55
Authorization: Basic cm9vdDphdmkxMjM=
Accept: /