Writing a script keepalive on a Cisco 11501

I would like to create a script that tries and log into a webpage... If the page loads all is well, if it fail, I woulf like to put it in a dead state...
axl13Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

MysidiaCommented:
This depends on the content of the login page and the method of submitting login information.

The advanced configuration guide for the CSS contains scripting examples, in particular, one involving HTTP protocol basic Authentication:
http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/css11000series/v5.00/configuration/advanced/guide/AppA.html#wp1004547


In general, you will need to use the sockets API.
You need to determine the exact raw TCP form of the request you want to send to the web server.

Send that.
And then wait for your desired response.





0
axl13Author Commented:
How do I go about finding the RAW TCP form??? Also the connection is HTTPS...
0
Steve JenningsIT ManagerCommented:
axl13 . . . I'm assuming you don't have the SSL offload card for your CSS . . . otherwise why would you be running SSL to the server from the CSS?

So, if the server responded to the auth req over HTTP, wouldn't that be a good indication that things are ok? I can't think of how -- in a normal situation, of course a cert could expire I suppose -- port 443 for example could all of a sudden become unavailable, yet port 80 would still be available.

ALERT! NO REAL VALUE BEING OFFERED IN THE FOLLOWING COMMENT

Get rid of that old Arrowpoint boat anchor that Cisco does such a horrible job of supporting and get a real load balancer.

Good luck,
SteveJ
0
Powerful Yet Easy-to-Use Network Monitoring

Identify excessive bandwidth utilization or unexpected application traffic with SolarWinds Bandwidth Analyzer Pack.

axl13Author Commented:
Is there a way to look at the header, for this keepalive???
0
Steve JenningsIT ManagerCommented:
If that's addressed to me, I don't follow. By "keepalive" are you referring to the process of sending an auth request, supplying a login and then getting a page back?

Good luck,
SteveJ
0
MysidiaCommented:
>How do I go about finding the RAW TCP form??? Also the connection is HTTPS...
Then you have a problem...  it will be  basically impossible to write a script for that.   You need a SSL scripting primitive for that, and there is no way to open a SSL connection from a script, not even in late versions such as CSS 8.10.

The scripting primitives you need are not present on the device.

I suggest writing a  CGI script to handle any SSL testing you intend,  place the script on the web server,  and allow your load balancer to  access the  CGI script and handle the outcome  based on the script you have on the web server.

Your needs are complicated enough, that they exceed the capabilities of your load balancer,  and  it will  likely be an immense waste of time to attempt to  shoe-horn your  test into a load balancer script.

Also, by offloading the script test logic to the other server, you will have choice of programming language the full flexibility of  all capabilities of the server.



For scripting a non-SSL HTTP connection  you need to determine the HTTP data you intend to send,  and what you expect the result to be.

The link I posted earlier has detailed examples of how to do this.

It is impossible to provide specific information for your specific situation without more details about what you are intending to submit to what server and what you are intending to receive.

http://www.ciscosystemsverified.biz/en/US/docs/app_ntwk_services/data_center_app_services/css11500series/v8.10/configuration/administration/guide/Scripts.html#wp1004547


socket send ${SOCKET} "GET ${WebPage} HTTP/1.0\n"
socket send ${SOCKET} "Authorization: Basic " 
socket send ${SOCKET} "${UserPass}" base64
socket send ${SOCKET} "\n\n"

Is an example of how you send raw request data.



They also show an example of where you can transmit a Host: tag for virtual hosts
in the "HTTP Host Tag Keepalive "   example
socket send ${SOCKET} "GET ${WebPage} HTTP/1.0\nHost: ${HostTag}\n\n"


basically the raw form of a HTTP GET request is


GET /path  HTTP/1.0
Host: www.example.com

(enter)



The "Host"  line is a header.
You may need to be sending other headers, depending on the nature of the request.

A post form  submission looks like

POST /abcde.php HTTP/1.0
Host: www2.example.com
Content-type: application/x-www-form-urlencoded

username=beastly+fido&password=password&txtarea_1=+blah+blah+blah&login=1&otherformdata=abcxyz







0
axl13Author Commented:
Mysidia
If I were able to change the service to http, rather https, cause the content rule is allready https, is there a way to evaulate the cookie or header???
0
axl13Author Commented:
Can anyone see why the following does not work... I am getting an error on line 17... I am trying to combinded the ap-kal-httpauth and ap-kal-setcookie

if ${ARGS}[#] "NEQ" "4"
        echo "Usage: ap-kal-httpauth \'Hostname WebPage Username:Password cookieString\'"
        echo "(Ie. ap-kal-httpauth \'192.168.1.1 /index.html bob:mypassword\' 'mycookie=myvalue\')"
        exit script 1
endbranch
set HostName "${ARGS}[1]"
set WebPage "${ARGS}[2]"
set UserPass "${ARGS}[3]"
set CookieData "${ARGS}[4]"
set EXIT_MSG "Connection Failure"
socket connect host ${HostName} port 443 tcp 2000
set EXIT_MSG "Send: Failed"
socket send ${SOCKET} "GET ${WebPage} HTTP/1.0\n"
socket send ${SOCKET} "Authorization: Basic "
socket send ${SOCKET} "${UserPass}" base64
set EXIT_MSG "Waitfor: Failure"
socket waitfor ${SOCKET} "${CookieData}" 2000
no set EXIT_MSG
socket disconnect ${SOCKET}
exit script 0
0
MysidiaCommented:
You probably want to add a line:
socket send ${SOCKET} "\n\n"

in there,   after the  'socket send ${SOCKET} "${UserPass}" base64'
line  and just before the   'set EXIT_MSG "Waitfor: Failure"'


Until you send an additional line feed,  a HTTP request has not yet been completed.

\n  is a standard escape sequence for line feed, by the way,
derived from the C programming language.  Line feed is
the control character for going to the next line
sometimes  also denoted  Control+J  or ^J.
0
axl13Author Commented:
I cleaned it up alittle bit... I did have that line in, but it gave me the error, so I deleted it... Here is what is on the css: error is happening on line 11

set HostName "${ARGS}[1]"
set WebPage "${ARGS}[2]"
set UserPass "${ARGS}[3]"
set CookieData "${ARGS}[4]"
set EXIT_MSG "Connection Failure"
socket connect host ${HostName} port 443 tcp 2000
set EXIT_MSG "Send: Failed"
socket send ${SOCKET} "GET ${WebPage} HTTP/1.0\n"
socket send ${SOCKET} "Authorization: Basic "
socket send ${SOCKET} "${UserPass}" base64
socket send ${SOCKET} "\n\n"
set EXIT_MSG "Waitfor: Failure"
socket waitfor ${SOCKET} "200 OK" 2000
set EXIT_MSG "Connection Failed"
socket connect host ${HostName} port 443 tcp 2000
set EXIT_MSG "Send: Failure"
socket send ${SOCKET} "GET ${WebPage} HTTP/1.0\n\n"
set EXIT_MSG "Waitfor: Failure"
socket waitfor ${SOCKET} "${CookieData}" 2000
no set EXIT_MSG
socket disconnect ${SOCKET}
exit script 0
0
MysidiaCommented:
Try  telnetting manually from a client PC and verify that what you are attempting to send actually works, and the connection establishes ok....

e.g.
# telnet  webserver_ip  portnumber
GET ${WebPage} HTTP/1.0
Authorization: Basic YmxhaDpibGFo

*Note  YmxhaDpibGFo   is just the base64 encoding of  blah:blah

Replacing WebPage with the actual path such as /
0
axl13Author Commented:
Would it be a problem that this is an HTTPS connection???
0
axl13Author Commented:
I have been away from the office, IF we were able to purchase a CSS with SSL Module, will this help in viewing the cookie???
0
MysidiaCommented:
We provided the answer regarding how to write keepalive scripts for this platform,
could be useful to others,  even if author feels  (s)he  doesn't need an answer to the question
based on the stated deletion reason of "No longer need answer " ...
0
MysidiaCommented:
I would like to suggest
PAQ# http:#a30324593 http:#a30642267   http:#a30679334

We provided guidance in regards to the question of how to script this.
We also stated limitations in regard to SSL   (that the CSS hardware does not provide a way for you to script connect to a webserver using SSL and perform a detailed check like the one desired using a SSL connection)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Content Management

From novice to tech pro — start learning today.