ltm monitor https¶

ltm monitor https(1) BIG-IP TMSH Manual ltm monitor https(1)

NAME
https - Configures a Hypertext Transfer Protocol over Secure Socket Layer (HTTPS) monitor.

MODULE
ltm monitor

SYNTAX
Configure the https component within the ltm monitor module using the syntax in the following sections.

CREATE/MODIFY
create https [name]
modify https [name]
options:
adaptive [enabled | disabled]
adaptive-divergence-type [relative | absolute]
adaptive-divergence-value [integer]
adaptive-limit [integer]
adaptive-sampling-timespan [integer]
app-service [[string] | none]
cert [ [cert list] | none]
cipherlist [string]
compatibility [enabled | disabled]
defaults-from [name]
description [string]
destination [ [ ipv4 address[:port] ] | [ ipv6 address[.port] ] ]
interval [integer]
ip-dscp [integer]
key [ [key] | none]
manual-resume [enabled | disabled]
password [none | [password] ]
recv [none | [string] ]
recv-disable [none | [string] ]
reverse [enabled | disabled]
send [none | [string] ]
ssl-profile [ [ssl server profile] | none]
time-until-up [integer]
timeout [integer]
transparent [enabled | disabled]
up-interval [integer]
username [ [name] | none]

edit https [ [ [name] | [glob] | [regex] ] ... ]
options:
all-properties
non-default-properties

DELETE
delete https [name]

Note: You cannot delete default monitors.

RUN
run https [name] [ destination [ [ ipv4 address[:port] ] | [ ipv6 address[.port] ] ] ]

STOP
stop https [name]

DESCRIPTION
You can use the https component to configure a custom monitor, or you can use the default HTTPS monitor that
the Local Traffic Manager provides. This type of monitor verifies the HTTPS service by attempting to receive
specific content from a Web page protected by Secure Socket Layer (SSL) security.

Note that one of the pre-configured HTTPS monitors is named https_443, which performs a health check on a
server using the IP address supplied by the pool member and port 443.

You can test a custom monitor configuration against a specified target destination by using the run command,
and view the results of such a test by using the show command with the test-result option.

The following user roles (in addition to the root user) have permissions to run and stop an ltm monitor test:

admin, application-editor, manager, operator, resource-admin

EXAMPLES
create https my_https defaults-from https

Creates a monitor named my_https that inherits properties from the default HTTPS monitor.

list https

Displays the properties of all of the HTTPS monitors.

run https my_https destination 10.10.10.10:443

Runs a one-shot test of the custom monitor my_https against a target node at 10.10.10.10:443.

stop https my_https

Cancels a one-shot test of the custom monitor my_https in progress.

show https my_https test-result

Displays the result of the most recent one-shot test of the custom monitor my_https.

OPTIONS
adaptive
Specifies whether the adaptive feature is enabled for this monitor. Not all monitors support the adaptive
feature.

adaptive-divergence-type
Specifies whether the adaptive-divergence-value is relative or absolute.

adaptive-divergence-value
Specifies how far from mean latency each monitor probe is allowed to be. If adaptive-divergence-type is
relative, this value is a percentage deviation from mean (e.g. 50 would indicate the probe is allowed to
exceed the mean latency by 50%.) If adaptive-divergence-type is absolute, this value is an offset from
mean in milliseconds (e.g. 250 would indicate the probe is allowed allowed to exceed the mean latency by
250 ms.) A probe that exceeds latency is counted the same as a probe that is not received, so in the
typical scenario, it will require three missed latencies in a row to mark a pool member or node down
(i.e. a 15-second interval with a 46-second timeout, would require three missed probes before the pool
member or node would be marked down.)

adaptive-limit
Specifies the hard limit, in milliseconds, which the probe is not allowed to exceed, regardless of the
divergence value. For example, if this value is 500, then the probe latency may not exceed 500 ms even if
that would still fall within the divergence value.

adaptive-sampling-timespan
Specifies the size of the sliding window, in seconds, which records probe history. For example, if this
value is 300, then a sliding window of the last five minutes' probe history will be used for calculating
probe mean latency and standard deviation.

app-service
Specifies the name of the application service to which the monitor belongs. The default value is none.
Note: If the strict-updates option is enabled on the application service that owns the object, you cannot
modify or delete the monitor. Only the application service can modify or delete the monitor.

cert Deprecated since v13.1.0. Use ssl-profile instead. Specifies a file object for a client certificate that
the monitor sends to the target SSL server. The default value is none.

cipherlist
Deprecated since v13.1.0. Use ssl-profile instead.

compatibility
Deprecated since v13.1.0. Use ssl-profile instead. Specifies, when enabled, that the SSL options setting
(in OpenSSL) is set to ALL. The default value is enabled.

defaults-from
Specifies the name of the monitor from which you want your custom monitor to inherit settings. The
default value is https.

description
User defined description.

destination
Specifies the IP address and service port of the resource that is the destination of this monitor. The
default value is *:*.

Possible values are:

*:* Specifies to perform a health check on the IP address and port supplied by a pool member.

*:port
Specifies to perform a health check on the server with the IP address supplied by the pool member
and the port you specify.

IP address:port
Specifies to mark a pool member up or down based on the response of the server at the IP address and
port you specify.

IP address:port (with the transparent option enabled)
Specifies to perform a health check on the server at the IP address and port specified in the
monitor, routing the check through the IP address and port supplied by the pool member. The pool
member (the gateway) is marked up or down accordingly.

This option is required for the command run, unless an IP address and service port are specified in the
destination option for the specified custom monitor.

glob Displays the items that match the glob expression. See help glob for a description of glob expression
syntax.

interval
Specifies, in seconds, the frequency at which the system issues the monitor check when either the
resource is down or the status of the resource is unknown. The default value is 5 seconds.

Important: F5 Networks recommends that when you configure this option and the up-interval option,
whichever value is greater be a multiple of the lesser value to allow for an even distribution of monitor
checks among all monitors.

ip-dscp
Specifies the differentiated services code point (DSCP). DSCP is a 6-bit value in the Differentiated
Services (DS) field of the IP header. It can be used to specify the quality of service desired for the
packet. The valid range for this value is 0 to 63 (hex 0x0 to 0x3f). The default value is zero.

key Deprecated since v13.1.0. Use ssl-profile instead. Specifies the RSA private key if the monitored target
requires authentication. The key must be surrounded by quotation marks, for example, key \"client.key\".
Note that if you specify a key, you must also specify a value for the cert option. The default value is
none.

manual-resume
Specifies whether the system automatically changes the status of a resource to up at the next successful
monitor check. The default value of the manual-resume option is disabled.

Note that if you set the manual-resume option to enabled, you must manually mark the resource as up
before the system can use it for load balancing connections.

name Specifies a unique name for the component. This option is required for the commands create, delete,
modify, run and stop.

partition
Displays the administrative partition within which the component resides.

password
Specifies the password if the monitored target requires authentication. The default value is none.

recv Specifies the text string that the monitor looks for in the returned resource. The default value is none.

The most common receive expressions contain a text string that is included in an HTML file on your site.
The text string can be regular text, HTML tags, or image names, and the associated operation is not case-
sensitive. If you do not specify a value for both the send and recv options, the monitor performs a
simple service check and connect only.

recv-disable
Specifies a text string that the monitor looks for in the returned resource. If the text string is
matched in the returned resource, the corresponding node or pool member is marked session disabled. The
default value is none.

You specify a recv-disable string in the same way that you specify a recv string.

If you specify a recv-disable string, you must also specify a recv string. You cannot specify a recv-
disable string, if the reverse option is enabled.

regex
Displays the items that match the regular expression. The regular expression must be preceded by an at
sign (@[regular expression]) to indicate that the identifier is a regular expression. See help regex for
a description of regular expression syntax.

reverse
Specifies whether the monitor operates in reverse mode. When the monitor is in reverse mode, a successful
check marks the monitored object down instead of up. You can use the this mode only if you configure both
the send and recv options.

The default value is disabled, which specifies that the monitor does not operate in reverse mode. The
enabled value specifies that the monitor operates in reverse mode.

send Specifies the text string that the monitor sends to the target object.

The default setting is GET /, which retrieves a default HTML file for a web site. To retrieve a specific
page from a web site, specify a fully-qualified path name, for example, GET /www/company/index.html.

Since the string may have special characters, the system may require that the string be enclosed with
single quotation marks.

If this value is null, then a valid connection suffices to determine that the service is up. In this
case, the system does not need the recv option and ignores the option even if not null.

ssl-profile
Specifies the server side SSL profile that this monitor will use to ping the monitored node or target.

test-result
Displays the result of the most recent one-shot test of the specified monitor(s), if any such test has
been performed since BIG-IP was started.

time-until-up
Specifies the amount of time, in seconds, after the first successful response before a node is marked up.
A value of 0 (zero) causes a node to be marked up immediately after a valid response is received from the
node. The default value is 0 (zero).

timeout
Specifies the number of seconds the target has in which to respond to the monitor request. The default
value is 16 seconds.

If the target responds within the set time period, it is considered up. If the target does not respond
within the set time period, it is considered down. Also, if the target responds with a RESET packet, the
system immediately flags the target as down without waiting for the timeout interval to expire.

transparent
Specifies whether the monitor operates in transparent mode. Monitors in transparent mode can monitor pool
members through firewalls. The default value is disabled.

up-interval
Specifies, in seconds, the frequency at which the system issues the monitor check when the resource is
up. The default value is 0 (zero), which specifies that the system uses the value of the interval option
whether the resource is up or down.

Important: F5 Networks recommends that when you configure this option and the interval option, whichever
value is greater be a multiple of the lesser value to allow for an even distribution of monitor checks
among all monitors.

username
Specifies the username, if the monitored target requires authentication. The default value is none.

SEE ALSO
create, delete, edit, glob, list, modify, regex, run, show, stop, tmsh

COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

BIG-IP 2019-05-02 ltm monitor https(1)