cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
909
Views
0
Helpful
5
Replies

HTTP Get healthprobe with AD user authentication

Matthew.bennett
Level 1
Level 1

Hi,

I'm throwing this one out there to the ACE module Load-balancing experts!

how do I configure a request method get url for google.co.uk so that it authenticates a healthprobe AD user with a Bluecoat proxy appliance?

The objective here is to have a probe run a http get to google to test our bluecoat proxy appliance and then failover to another real server (or bluecoat appliance)

Thanks

5 Replies 5

Daniel Arrondo Ostiz
Cisco Employee
Cisco Employee

Hi Matthew,

This would partially depend on the authentication type defined on your Bluecoat proxy.

For most of the setups, it should be enough to configure the credentials to be used under the probe parameters with the "(config-probe-http)# credentials " command.

If this doesn't work, you may also try inserting an authentication header inside the request. Again configured under the probe parameters.

For more details on the available options, please refer to http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/probe.html#wp1031398

Regards

Daniel

Hi Daniel,

Actually becuse the GET will come from the vlan addresses on the ACE rather than the VIP used for client connections, we can allow access to google for those addresses unauthenticated!

thanks for your help in any case

Hi Daniel,

I don't know why, but i thought this was working...turns out i was wrong.

The issue I have is that this probe is for a socks connection. So usually I just use a probe on TCP port 1080 to our sock gateway. However, i am trying to perform a GET to google.co.uk on the same port/protocol. This is failing. I'm assuming this is probably related to socks user/password which is version 5.

Can i use the user and password in the probe configuration to authenticate with socks gateway?

many thanks for your help in this matter!

Matthew

Hi Matthew,

I have to admit I'm not 100% sure, but I don't think SOCKS5 authentication is supported for ACE probes.

If it's not possible to use different authentication mechanisms or allow the ACE IP to go out unauthenticated (as you were suggesting), then, another alternative you may consider is creating a TCL script. You can find more details on the TCL probe scripts on ACE at http://www.cisco.com/en/US/partner/docs/interfaces_modules/services_modules/ace/vA2_3_0/configuration/slb/guide/script.html

Regards

Daniel

I think that just purely from a security perspective, we will have to use authentication as the traffic traverses our internal firewal clu

ster.

Thanks for your help and I'll update you on my TCL scripting research and design!

kind regards

Review Cisco Networking for a $25 gift card