McAfee Proxy custom health probe - feedback please



Hi all

 

The requirement was to test the complete end-to-end stack in McAfee proxy, including user NTLM authentication. I tried using the internal mechanism (LWP) but couldn't get it to send the auth request. I believe curl scripts are not ideal, so I recommend running this every 60 seconds.

 

For anyone wanting to try this on their ADC, just save the file as nsmcafee.pl in the /netscaler/monitors directory.

 

Feedback is welcome (especially if there is some way to get the GUI to display some feedback in the monitor "Probe succeeded" vs "Probe failed").

 

#!/usr/bin/perl -w
################################################################
#
## This script is used to do MCAFEE proxy end to end monitoring with authentication
## Argument LIST - *Don't change the order of arguments (and don't argue with me).
## -> The mandatory arguments are:
##      1. creds          => Username and password for the proxy - colon separated eg service-acc:Welcome123
##                                                      (Sorry I've never tested multiple domains)
##      2. url            => URL of the site to check - preferably http to stop redirects and to get a 200 response
#
## The arguments provided by Citrix ADC are
##
##      0. IP Address of the monitor
##      1. Port of the monitor
##      2. List of arguments in a single string - eg creds=service-acc:Welcome123;url=http://neverssl.com
#
## Examples:
##      set monitor ...  -scriptArgs creds=service-acc:Welcome123;url=http://neverssl.com


use strict;
use Netscaler::KAS;

## This function is a handler for performing the McAfee proxy probe in KAS mode
sub mcafee_probe
{
        ## Test params, we need at least 3
        if(scalar(@_) < 3)
        {
                return (1,"Insufficient number of arguments");
        }

       # Not sure why we need these variables defined. I guess they help for the debug mode?

        my $err_code = 0;
        my $err_string;

        my ($creds,$url)=('',''); ## default values

        ## Parse the argument given, to ensure correct format
        ## If parsing fails, return an error
        $_[2]=~/creds=([^;]+);url=([^;]+)/
                or return (1,"Invalid argument format creds=XX;url=YY vs {$_[2]} ");

        $url = $2;
        $creds = $1;
        my $proxy_string = "http://$creds\@$_[0]:$_[1]";


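        # Run curl without a shell (list-form pipe open), so characters such as
        # & ; $ or spaces in the credentials or URL are passed as literal arguments.
        # The command is equivalent to
        #   curl -s -x http://service-acc:Welcome123@10.251.4.51:9090 -I http://neverssl.com
        open(my $curl, '-|', 'curl', '-s', '-x', $proxy_string, '-I', $url)
                or return (1, "Could not run curl: $!");
        my $result = do { local $/; <$curl> };
        close($curl);
        $result = '' unless defined $result;

        # Match the HTTP status line only, so that a "200" or "407" elsewhere
        # in the headers (eg Content-Length: 1200) does not decide the result
        if ($result =~ m{^HTTP/\S+\s+200\b}m) {
                # Expand for other response codes - eg 302..
                return (0, $result);
        } elsif ($result =~ m{^HTTP/\S+\s+407\b}m) {
                return (1, "Authentication failed! 407");
        } else {
                return (1, "Something else went wrong {$result} ");
        }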
}

## Register probe handler

probe(\&mcafee_probe);
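
Added example, not part of the original post: one way to decide the probe result from the last response in the `curl -s -I` output, so that an NTLM 407 challenge followed by a 200, or a 200 on the proxy tunnel followed by an origin error, is classified correctly. The function names `final_status` and `classify` are hypothetical, the sample outputs are constructed, and it assumes curl prints one header block per response separated by a blank line.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return the status code of the LAST response in curl -s -I output.
sub final_status {
    my ($headers) = @_;
    return unless defined $headers;
    $headers =~ s/\r\n/\n/g;                      # normalise CRLF line endings
    my @blocks = grep { /\S/ } split /\n{2,}/, $headers;
    return unless @blocks;
    # Only the first line of a header block is the status line
    return $blocks[-1] =~ m{\AHTTP/\S+[ ]+(\d{3})\b} ? $1 : undef;
}

# Map the final status to the (code, message) pair a monitor handler returns:
# 0 = probe succeeded, 1 = probe failed. Extra arguments list accepted codes.
sub classify {
    my ($headers, @ok) = @_;
    @ok = (200) unless @ok;
    my $status = final_status($headers);
    return (1, "No HTTP status line in curl output") unless defined $status;
    return (0, "HTTP $status") if grep { $_ == $status } @ok;
    return (1, "Authentication failed! 407") if $status == 407;
    return (1, "Unexpected final status $status");
}

# Constructed sample outputs (not captured from a real proxy)
my %samples = (
    'challenge then success' =>
        "HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: NTLM\r\n\r\n"
      . "HTTP/1.1 200 OK\r\nContent-Length: 407\r\n\r\n",
    'rejected credentials' =>
        "HTTP/1.1 407 Proxy Authentication Required\r\nProxy-Authenticate: NTLM\r\n\r\n"
      . "HTTP/1.1 407 Proxy Authentication Required\r\nContent-Length: 1200\r\n\r\n",
    'tunnel up, origin failing' =>
        "HTTP/1.1 200 Connection established\r\n\r\n"
      . "HTTP/1.1 503 Service Unavailable\r\nContent-Length: 1200\r\n\r\n",
    'no response' => "",
);

for my $name (sort keys %samples) {
    my ($code, $msg) = classify($samples{$name});
    printf "%-26s => (%d, %s)\n", $name, $code, $msg;
}
```

Only the first sample is reported as a success; the "rejected credentials" and "tunnel up, origin failing" samples both contain the digits 200 but end on a failing status line.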

 
