ltm monitor https
ltm monitor https(1) BIG-IP TMSH Manual ltm monitor https(1)
NAME
https - Configures a Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) monitor.
MODULE
ltm monitor
SYNTAX
Configure the https component within the ltm monitor module using the syntax in the following sections.
CREATE/MODIFY
create https [name]
modify https [name]
options:
adaptive [enabled | disabled]
adaptive-divergence-type [relative | absolute]
adaptive-divergence-value [integer]
adaptive-limit [integer]
adaptive-sampling-timespan [integer]
app-service [[string] | none]
cert [ [cert list] | none]
cipherlist [string]
compatibility [enabled | disabled]
defaults-from [name]
description [string]
destination [ [ ipv4 address[:port] ] | [ ipv6 address[.port] ] ]
interval [integer]
ip-dscp [integer]
key [ [key] | none]
manual-resume [enabled | disabled]
password [none | [password] ]
recv [none | [string] ]
recv-disable [none | [string] ]
reverse [enabled | disabled]
send [none | [string] ]
ssl-profile [ [ssl server profile] | none]
time-until-up [integer]
timeout [integer]
transparent [enabled | disabled]
up-interval [integer]
username [ [name] | none]
edit https [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
DISPLAY
list https
list https [ [ [name] | [glob] | [regex] ] ... ]
show https [ [ [name] | [glob] | [regex] ] ... ]
show running-config https
show running-config https [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties
one-line
partition
test-result
DELETE
delete https [name]
Note: You cannot delete default monitors.
RUN
run https [name] [ destination [ [ ipv4 address[:port] ] | [ ipv6 address[.port] ] ] ]
STOP
stop https [name]
DESCRIPTION
You can use the https component to configure a custom monitor, or you can use the default HTTPS monitor that the Local
Traffic Manager provides. This type of monitor verifies the HTTPS service by attempting to receive specific content from a
Web page protected by Secure Socket Layer (SSL) security.
Note that one of the pre-configured HTTPS monitors is named https_443, which performs a health check on a server using the
IP address supplied by the pool member and port 443.
You can test a custom monitor configuration against a specified target destination by using the run command, and view the
results of such a test by using the show command with the test-result option.
The following user roles (in addition to the root user) have permissions to run and stop an ltm monitor test:
admin, application-editor, manager, operator, resource-admin
EXAMPLES
create https my_https defaults-from https
Creates a monitor named my_https that inherits properties from the default HTTPS monitor.
list https
Displays the properties of all of the HTTPS monitors.
run https my_https destination 10.10.10.10:443
Runs a one-shot test of the custom monitor my_https against a target node at 10.10.10.10:443.
stop https my_https
Cancels a one-shot test of the custom monitor my_https in progress.
show https my_https test-result
Displays the result of the most recent one-shot test of the custom monitor my_https.
OPTIONS
adaptive
Specifies whether the adaptive feature is enabled for this monitor. Not all monitors support the adaptive feature.
adaptive-divergence-type
Specifies whether the adaptive-divergence-value is relative or absolute.
adaptive-divergence-value
Specifies how far from mean latency each monitor probe is allowed to be. If adaptive-divergence-type is relative, this
value is a percentage deviation from mean (e.g. 50 would indicate the probe is allowed to exceed the mean latency by
50%.) If adaptive-divergence-type is absolute, this value is an offset from mean in milliseconds (e.g. 250 would
indicate the probe is allowed allowed to exceed the mean latency by 250 ms.) A probe that exceeds latency is counted
the same as a probe that is not received, so in the typical scenario, it will require three missed latencies in a row
to mark a pool member or node down (i.e. a 15-second interval with a 46-second timeout, would require three missed
probes before the pool member or node would be marked down.)
adaptive-limit
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the divergence
value. For example, if this value is 500, then the probe latency may not exceed 500 ms even if that would still fall
within the divergence value.
adaptive-sampling-timespan
Specifies the size of the sliding window, in seconds, which records probe history. For example, if this value is 300,
then a sliding window of the last five minutes' probe history will be used for calculating probe mean latency and
standard deviation.
app-service
Specifies the name of the application service to which the monitor belongs. The default value is none. Note: If the
strict-updates option is enabled on the application service that owns the object, you cannot modify or delete the
monitor. Only the application service can modify or delete the monitor.
cert Deprecated since v13.1.0. Use ssl-profile instead. Specifies a file object for a client certificate that the monitor
sends to the target SSL server. The default value is none.
cipherlist
Deprecated since v13.1.0. Use ssl-profile instead.
compatibility
Deprecated since v13.1.0. Use ssl-profile instead. Specifies, when enabled, that the SSL options setting (in OpenSSL)
is set to ALL. The default value is enabled.
defaults-from
Specifies the name of the monitor from which you want your custom monitor to inherit settings. The default value is
https.
description
User defined description.
destination
Specifies the IP address and service port of the resource that is the destination of this monitor. The default value
is *:*.
Possible values are:
*:* Specifies to perform a health check on the IP address and port supplied by a pool member.
*:port
Specifies to perform a health check on the server with the IP address supplied by the pool member and the port
you specify.
IP address:port
Specifies to mark a pool member up or down based on the response of the server at the IP address and port you
specify.
IP address:port (with the transparent option enabled)
Specifies to perform a health check on the server at the IP address and port specified in the monitor, routing
the check through the IP address and port supplied by the pool member. The pool member (the gateway) is marked up
or down accordingly.
This option is required for the command run, unless an IP address and service port are specified in the destination
option for the specified custom monitor.
glob Displays the items that match the glob expression. See help glob for a description of glob expression syntax.
interval
Specifies, in seconds, the frequency at which the system issues the monitor check when either the resource is down or
the status of the resource is unknown. The default value is 5 seconds.
Important: F5 Networks recommends that when you configure this option and the up-interval option, whichever value is
greater be a multiple of the lesser value to allow for an even distribution of monitor checks among all monitors.
ip-dscp
Specifies the differentiated services code point (DSCP). DSCP is a 6-bit value in the Differentiated Services (DS)
field of the IP header. It can be used to specify the quality of service desired for the packet. The valid range for
this value is 0 to 63 (hex 0x0 to 0x3f). The default value is zero.
key Deprecated since v13.1.0. Use ssl-profile instead. Specifies the RSA private key if the monitored target requires
authentication. The key must be surrounded by quotation marks, for example, key \"client.key\". Note that if you
specify a key, you must also specify a value for the cert option. The default value is none.
manual-resume
Specifies whether the system automatically changes the status of a resource to up at the next successful monitor
check. The default value of the manual-resume option is disabled.
Note that if you set the manual-resume option to enabled, you must manually mark the resource as up before the system
can use it for load balancing connections.
name Specifies a unique name for the component. This option is required for the commands create, delete, modify, run and
stop.
partition
Displays the administrative partition within which the component resides.
password
Specifies the password if the monitored target requires authentication. The default value is none.
recv Specifies the text string that the monitor looks for in the returned resource. The default value is none.
The most common receive expressions contain a text string that is included in an HTML file on your site. The text
string can be regular text, HTML tags, or image names, and the associated operation is not case-sensitive. If you do
not specify a value for both the send and recv options, the monitor performs a simple service check and connect only.
recv-disable
Specifies a text string that the monitor looks for in the returned resource. If the text string is matched in the
returned resource, the corresponding node or pool member is marked session disabled. The default value is none.
You specify a recv-disable string in the same way that you specify a recv string.
If you specify a recv-disable string, you must also specify a recv string. You cannot specify a recv-disable string,
if the reverse option is enabled.
regex
Displays the items that match the regular expression. The regular expression must be preceded by an at sign (@[regular
expression]) to indicate that the identifier is a regular expression. See help regex for a description of regular
expression syntax.
reverse
Specifies whether the monitor operates in reverse mode. When the monitor is in reverse mode, a successful check marks
the monitored object down instead of up. You can use the this mode only if you configure both the send and recv
options.
The default value is disabled, which specifies that the monitor does not operate in reverse mode. The enabled value
specifies that the monitor operates in reverse mode.
send Specifies the text string that the monitor sends to the target object.
The default setting is GET /, which retrieves a default HTML file for a web site. To retrieve a specific page from a
web site, specify a fully-qualified path name, for example, GET /www/company/index.html.
Since the string may have special characters, the system may require that the string be enclosed with single quotation
marks.
If this value is null, then a valid connection suffices to determine that the service is up. In this case, the system
does not need the recv option and ignores the option even if not null.
ssl-profile
Specifies the server side SSL profile that this monitor will use to ping the monitored node or target.
test-result
Displays the result of the most recent one-shot test of the specified monitor(s), if any such test has been performed
since BIG-IP was started.
time-until-up
Specifies the amount of time, in seconds, after the first successful response before a node is marked up. A value of 0
(zero) causes a node to be marked up immediately after a valid response is received from the node. The default value
is 0 (zero).
timeout
Specifies the number of seconds the target has in which to respond to the monitor request. The default value is 16
seconds.
If the target responds within the set time period, it is considered up. If the target does not respond within the set
time period, it is considered down. Also, if the target responds with a RESET packet, the system immediately flags the
target as down without waiting for the timeout interval to expire.
transparent
Specifies whether the monitor operates in transparent mode. Monitors in transparent mode can monitor pool members
through firewalls. The default value is disabled.
up-interval
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is up. The default
value is 0 (zero), which specifies that the system uses the value of the interval option whether the resource is up or
down.
Important: F5 Networks recommends that when you configure this option and the interval option, whichever value is
greater be a multiple of the lesser value to allow for an even distribution of monitor checks among all monitors.
username
Specifies the username, if the monitored target requires authentication. The default value is none.
SEE ALSO
create, delete, edit, glob, list, modify, regex, run, show, stop, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2010, 2012-2013, 2016-2017. All rights reserved.
BIG-IP 2019-05-02 ltm monitor https(1)