axl13
Writing a script keepalive on a Cisco 11501
I would like to create a script that tries to log into a webpage... If the page loads, all is well; if it fails, I would like to put it in a dead state...
ASKER
How do I go about finding the RAW TCP form??? Also the connection is HTTPS...
axl13 . . . I'm assuming you don't have the SSL offload card for your CSS . . . otherwise why would you be running SSL to the server from the CSS?
So, if the server responded to the auth req over HTTP, wouldn't that be a good indication that things are ok? I can't think of how -- in a normal situation, of course a cert could expire I suppose -- port 443 for example could all of a sudden become unavailable, yet port 80 would still be available.
ALERT! NO REAL VALUE BEING OFFERED IN THE FOLLOWING COMMENT
Get rid of that old Arrowpoint boat anchor that Cisco does such a horrible job of supporting and get a real load balancer.
Good luck,
SteveJ
ASKER
Is there a way to look at the header, for this keepalive???
If that's addressed to me, I don't follow. By "keepalive" are you referring to the process of sending an auth request, supplying a login and then getting a page back?
Good luck,
SteveJ
>How do I go about finding the RAW TCP form??? Also the connection is HTTPS...
Then you have a problem... it will be basically impossible to write a script for that. You need an SSL scripting primitive for that, and there is no way to open an SSL connection from a script, not even in late versions such as CSS 8.10.
The scripting primitives you need are not present on the device.
I suggest writing a CGI script to handle any SSL testing you intend, place the script on the web server, and allow your load balancer to access the CGI script and handle the outcome based on the script you have on the web server.
Your needs are complicated enough, that they exceed the capabilities of your load balancer, and it will likely be an immense waste of time to attempt to shoe-horn your test into a load balancer script.
Also, by offloading the script test logic to the other server, you will have your choice of programming language and the full flexibility of all capabilities of the server.
For scripting a non-SSL HTTP connection you need to determine the HTTP data you intend to send, and what you expect the result to be.
The link I posted earlier has detailed examples of how to do this.
It is impossible to provide specific information for your specific situation without more details about what you are intending to submit to what server and what you are intending to receive.
http://www.ciscosystemsverified.biz/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/administration/guide/Scripts.html#wp1004547
socket send ${SOCKET} "GET ${WebPage} HTTP/1.0\n"
socket send ${SOCKET} "Authorization: Basic "
socket send ${SOCKET} "${UserPass}" base64
socket send ${SOCKET} "\n\n"
Is an example of how you send raw request data.
They also show an example of where you can transmit a Host: tag for virtual hosts
in the "HTTP Host Tag Keepalive " example
socket send ${SOCKET} "GET ${WebPage} HTTP/1.0\nHost: ${HostTag}\n\n"
Basically, the raw form of an HTTP GET request is
GET /path HTTP/1.0
Host: www.example.com
(enter)
The "Host" line is a header.
You may need to be sending other headers, depending on the nature of the request.
A post form submission looks like
POST /abcde.php HTTP/1.0
Host: www2.example.com
Content-type: application/x-www-form-urlencoded

username=beastly+fido&password=password&txtarea_1=+blah+blah+blah&login=1&otherformdata=abcxyz
ASKER
Mysidia
If I were able to change the service to http rather than https, because the content rule is already https, is there a way to evaluate the cookie or header???
ASKER
Can anyone see why the following does not work... I am getting an error on line 17... I am trying to combine the ap-kal-httpauth and ap-kal-setcookie
if ${ARGS}[#] "NEQ" "4"
echo "Usage: ap-kal-httpauth \'Hostname WebPage Username:Password cookieString\'"
echo "(Ie. ap-kal-httpauth \'192.168.1.1 /index.html bob:mypassword\' 'mycookie=myvalue\')"
exit script 1
endbranch
set HostName "${ARGS}[1]"
set WebPage "${ARGS}[2]"
set UserPass "${ARGS}[3]"
set CookieData "${ARGS}[4]"
set EXIT_MSG "Connection Failure"
socket connect host ${HostName} port 443 tcp 2000
set EXIT_MSG "Send: Failed"
socket send ${SOCKET} "GET ${WebPage} HTTP/1.0\n"
socket send ${SOCKET} "Authorization: Basic "
socket send ${SOCKET} "${UserPass}" base64
set EXIT_MSG "Waitfor: Failure"
socket waitfor ${SOCKET} "${CookieData}" 2000
no set EXIT_MSG
socket disconnect ${SOCKET}
exit script 0
You probably want to add a line:
socket send ${SOCKET} "\n\n"
in there, after the 'socket send ${SOCKET} "${UserPass}" base64'
line and just before the 'set EXIT_MSG "Waitfor: Failure"'
Until you send an additional line feed, an HTTP request has not yet been completed.
\n is a standard escape sequence for line feed, by the way,
derived from the C programming language. Line feed is
the control character for going to the next line
sometimes also denoted Control+J or ^J.
ASKER
I cleaned it up a little bit... I did have that line in, but it gave me the error, so I deleted it... Here is what is on the css: error is happening on line 11
set HostName "${ARGS}[1]"
set WebPage "${ARGS}[2]"
set UserPass "${ARGS}[3]"
set CookieData "${ARGS}[4]"
set EXIT_MSG "Connection Failure"
socket connect host ${HostName} port 443 tcp 2000
set EXIT_MSG "Send: Failed"
socket send ${SOCKET} "GET ${WebPage} HTTP/1.0\n"
socket send ${SOCKET} "Authorization: Basic "
socket send ${SOCKET} "${UserPass}" base64
socket send ${SOCKET} "\n\n"
set EXIT_MSG "Waitfor: Failure"
socket waitfor ${SOCKET} "200 OK" 2000
set EXIT_MSG "Connection Failed"
socket connect host ${HostName} port 443 tcp 2000
set EXIT_MSG "Send: Failure"
socket send ${SOCKET} "GET ${WebPage} HTTP/1.0\n\n"
set EXIT_MSG "Waitfor: Failure"
socket waitfor ${SOCKET} "${CookieData}" 2000
no set EXIT_MSG
socket disconnect ${SOCKET}
exit script 0
Try telnetting manually from a client PC and verify that what you are attempting to send actually works, and the connection establishes ok....
e.g.
# telnet webserver_ip portnumber
GET ${WebPage} HTTP/1.0
Authorization: Basic YmxhaDpibGFo
*Note YmxhaDpibGFo is just the base64 encoding of blah:blah
Replacing WebPage with the actual path such as /
ASKER
Would it be a problem that this is an HTTPS connection???
ASKER
I have been away from the office, IF we were able to purchase a CSS with SSL Module, will this help in viewing the cookie???
We provided the answer regarding how to write keepalive scripts for this platform,
could be useful to others, even if author feels (s)he doesn't need an answer to the question
based on the stated deletion reason of "No longer need answer " ...
ASKER CERTIFIED SOLUTION
The advanced configuration guide for the CSS contains scripting examples, in particular, one involving HTTP protocol basic Authentication:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v5.00/configuration/advanced/guide/AppA.html#wp1004547
In general, you will need to use the sockets API.
You need to determine the exact raw TCP form of the request you want to send to the web server.
Send that.
And then wait for your desired response.
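An added example, not code from this thread or from Cisco's guide: the raw request and response check described above, written in Python so it can run on a host that speaks TLS, in line with the earlier suggestion to move the HTTPS test off the CSS. The function names, the cookie name and the sample responses are constructed for illustration.

```python
import base64
import socket
import ssl

def build_request(host, path, userpass):
    """Raw HTTP/1.0 GET with Basic auth. The final empty line ends the request."""
    token = base64.b64encode(userpass.encode("utf-8")).decode("ascii")
    return (
        f"GET {path} HTTP/1.0\r\n"  # HTTP specifies CRLF; the thread's scripts send bare \n
        f"Host: {host}\r\n"
        f"Authorization: Basic {token}\r\n"
        "\r\n"
    ).encode("ascii")

def evaluate_response(raw, cookie_name):
    """Return (alive, reason). Alive needs a 200 status and a Set-Cookie for cookie_name."""
    head = raw.replace(b"\r\n", b"\n").split(b"\n\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        return False, "not an HTTP response"
    if parts[1] != "200":
        return False, "status " + parts[1]
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie" and value.strip().startswith(cookie_name + "="):
            return True, "ok"
    return False, "cookie not set"

def probe(host, path, userpass, cookie_name, port=443, timeout=2.0):
    """Send the request over TLS with certificate verification (needs network access)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as tcp:
        with ctx.wrap_socket(tcp, server_hostname=host) as tls:
            tls.sendall(build_request(host, path, userpass))
            chunks = []
            while data := tls.recv(4096):
                chunks.append(data)
    return evaluate_response(b"".join(chunks), cookie_name)

# Constructed sample responses (not captured from a real server).
SAMPLE_OK = b"HTTP/1.1 200 OK\r\nSet-Cookie: mycookie=myvalue; Secure\r\n\r\n<html></html>"
SAMPLE_401 = b'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Basic realm="app"\r\n\r\n'

if __name__ == "__main__":
    print(build_request("www.example.com", "/index.html", "blah:blah").decode())
    print(evaluate_response(SAMPLE_OK, "mycookie"), evaluate_response(SAMPLE_401, "mycookie"))
```

Basic credentials are only base64-encoded, so the probe keeps them on a verified TLS connection; a plain TCP send to port 443 never reaches the HTTP layer because the server expects a TLS handshake first.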