Squid Proxy Heath Check

HA

Hello,

I'm currently evaluating A10 (so I'm a newbie !) and I have question about Health Check.
I configured two Squid Servers for Load Balancing.
The health check is done using a TCP session (to port 8080) and sending the command 'GET http://www.google.com\r\n".
It works fine but I would like also check the Response HTTP code from the proxy (basically 200,301,302) to be sure the proxy is working correctly (no problem on the ISP line, etc)

Next, I will create two other checks (like www.facebook.com and www.microsoft.com) and if 2 of the 3 checks fails (compund check), the squid proxy should be consider EOS.

How to write such script ?

Regards,

HA

[Deleted User]

Hi HA,
You can set a HTTP health monitor to look at response codes using the standard health template - see attached image.

You could also on the server in question have a script that checks the other two site and put the logic there.

Another option would be to create an external health monitor that check the three sites and use that monitor.

Thanks
Michael.

HA

Hello Michael,

First, thanks a lot for your help.
Unfortunately, the HTTP Health Monitoring doesn't work in this case.
In fact, the Proxy is expecting a URL in the format 'GET http://X.Y.Z'.
In the URL field of the GUI, you cannot enter such kind of text (must start with /).

PS : I have no experience with TCL or Perl script.
PS2: I coming from Netscaler planet where everything is done from the GUI...

Regards,

HA

mischa

You can do this in the GUI as well. You just need to add an External Program.

Config Mode -> Service -> Health Monitor -> External Program -> Add
Name: squid.sh
Add the below script:
#!/bin/bash if [ x"$1" == x ]; then exit -1 fi curl -I -x/ --proxy $HM_SRV_IPADDR:$HM_SRV_PORT HTTP://$1 > /dev/null 2>&1 exit $?

Config Mode -> Service -> Health Monitor -> Health Monitor -> Add
Name: hm-proxy
Method: External
Program: squid.sh

Add this Health Monitor to the service-group or server port.

kdunaev

Hi,

We did such a healthchecking for Bluecoat cacheservers and used just a "host:" option.

I can't give you a GUI example, but here is the CLI config:


health monitor HM_GG interval 3 retry 2 timeout 3
strictly-retry-on-server-error-response
method http url HEAD / expect response-code 200,301,302 host www.google.com
!
health monitor HM_FB interval 3 retry 2 timeout 3
strictly-retry-on-server-error-response
method http url HEAD / expect response-code 200,301,302 host www.facebook.com
!
health monitor HM_MS interval 3 retry 2 timeout 3
strictly-retry-on-server-error-response
method http url HEAD / expect response-code 200,301,302 host www.microsoft.com
!
health monitor Compound_Or_HM interval 10 retry 1 timeout 10
strictly-retry-on-server-error-response
method compound sub HM_GG sub HM_FB or sub HM_MS or


if you assign the compound check to the server, it will fail if ALL 3 checks fail. You can play around with "or's" and "and's" to achieve your expected configuration.

mischa

One thing I forgot the $1 is set when you add an argument to the Health Monitor:

Argument: http://

Thanx Dave!

HA

Hello,

First, thanks a lot for your help.
When I try kdunaev's solution, I got an error message :
SoftAX(config)#health monitor HM_GG interval 3 retry 2 timeout 3
SoftAX(config-health:monitor)#strictly-retry-on-server-error-response
SoftAX(config-health:monitor)#$ode 200,301,302 host http://www.google.com
method http url HEAD / expect response-code 200,301,302 host http://www.google.c
^
% Unrecognized command.Invalid input detected at '^' marker.

Now with Mischa's script, I got a valid response from the squid :
192.168.1.210 TCP_MISS/302 934 HEAD http://www.google.com/ - DIRECT/173.194.69.147 text/html

Now If my change my firewall to block HTTP from the proxy (ISP failure simulation), I got the following message from the squid :
TCP_MISS/000 0 HEAD http://www.google.com/ - DIRECT/www.google.com -

The Health Check fails, so the script is working fine !

Thanks Mischa !!

Regards,

HA