How to Configure a NetScaler Monitor to Authenticate with a User Name and Password

Article ID: CTX117142

Description

This article describes how to create a monitor for a back end server (usually running Windows) that requests basic authentication with a user name and password.

Background

The NetScaler appliance uses monitors to track the state of back end servers.

Some back end servers that receive network traffic through the NetScaler appliance might require a user name and password for all communication. By default, the monitors in the NetScaler appliance are not configured to provide a user name and password.

In scenarios where back end servers function as described previously, the HTTP, HTTP-ECV, or TCP-ECV monitors are denied access.


Instructions

To create a monitor for a back end server, complete the following procedure:

  1. Create a TCP-ECV monitor. A TCP-ECV monitor can present, in its request headers, an Authorization header whose value is the base64-encoded username:password string.
    Note: Avoid using an HTTP-ECV monitor when sending additional headers such as authentication, host, and so on.

  2. Create the base64-encoded string containing the user name and password that the monitor must present.
    Example values:

    Username: nsroot
    Password: citrix

    This can be done from the NetScaler shell as follows:
    NS_52> shell

    Example usage:
    root@ns# echo -n nsroot:citrix | b64encode -m - | sed -n '2p'

    Example output:
    bnNyb290OmNpdHJpeA==

  3. Use the string generated in the preceding step to create the monitor:
    add lb monitor test_login_tcp TCP-ECV -send "GET / HTTP/1.1\r\nAuthorization: Basic bnNyb290OmNpdHJpeA==\r\nHost: IP_or_FQDN\r\n\r\n" -recv 200 -LRTM ENABLED

  4. Bind this monitor to a service that requires authentication as nsroot:citrix.
    Note: The base64-encoded string can also be generated using an external tool such as wFetch.

  5. To verify, run the following command:
    show service <service_name>
    Where <service_name> is the name of the service to which the monitor is bound. You should see output similar to the following:

    1)      Monitor Name: test_login_tcp
                    State: UP       Weight: 1
                    Probes: 259     Failed [Total: 0 Current: 0]
                    Last response: Success - Pattern found in response.
                    Response Time: 1.361 millisec
    Done
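
An added example, not part of the Citrix article or Citrix code: a Python helper, run on an admin workstation, that builds the Basic token from step 2 and the monitor command from step 3, strictly decoding the token first so a truncated or mistyped value is caught before it reaches the configuration. The function names are hypothetical; the credentials, monitor name and IP_or_FQDN placeholder are the article's example values.

```python
import base64
import binascii


def basic_token(user, password):
    """Return the base64 value for an 'Authorization: Basic' header."""
    if ":" in user:
        raise ValueError("user name must not contain ':' (RFC 7617)")
    return base64.b64encode(f"{user}:{password}".encode("utf-8")).decode("ascii")


def decode_token(token):
    """Strictly decode a token; ValueError on bad padding or alphabet."""
    try:
        raw = base64.b64decode(token, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not valid base64: {exc}") from exc
    user, sep, password = raw.decode("utf-8").partition(":")
    if not sep:
        raise ValueError("decoded value has no ':' separator")
    return user, password


def monitor_command(name, host, token, path="/"):
    """Build the 'add lb monitor' line in the form shown in step 3."""
    decode_token(token)  # refuse a truncated or mistyped token
    for value in (name, host, path):
        # These characters would break out of the quoted -send string
        # or inject an extra header line into the probe.
        if any(c in value for c in '\r\n"\\ '):
            raise ValueError(f"unsafe character in {value!r}")
    send = (f"GET {path} HTTP/1.1\\r\\n"
            f"Authorization: Basic {token}\\r\\n"
            f"Host: {host}\\r\\n\\r\\n")
    return (f'add lb monitor {name} TCP-ECV -send "{send}" '
            f"-recv 200 -LRTM ENABLED")


if __name__ == "__main__":
    tok = basic_token("nsroot", "citrix")  # the article's example values
    print(tok)
    print(monitor_command("test_login_tcp", "IP_or_FQDN", tok))
    print(decode_token(tok))  # the token decodes straight back to the credentials
```

decode_token also shows that the string stored in the monitor is an encoding, not encryption: anyone who can read the configuration can recover the user name and password.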

Environment

The above mentioned sample code is provided to you as is with no representations, warranties or conditions of any kind. You may use, modify and distribute it at your own risk. CITRIX DISCLAIMS ALL WARRANTIES WHATSOEVER, EXPRESS, IMPLIED, WRITTEN, ORAL OR STATUTORY, INCLUDING WITHOUT LIMITATION WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE AND NONINFRINGEMENT. Without limiting the generality of the foregoing, you acknowledge and agree that (a) the sample code may exhibit errors, design flaws or other problems, possibly resulting in loss of data or damage to property; (b) it may not be possible to make the sample code fully functional; and (c) Citrix may, without notice or liability to you, cease to make available the current version and/or any future versions of the sample code. In no event should the code be used to support ultra-hazardous activities, including but not limited to life support or blasting activities. NEITHER CITRIX NOR ITS AFFILIATES OR AGENTS WILL BE LIABLE, UNDER BREACH OF CONTRACT OR ANY OTHER THEORY OF LIABILITY, FOR ANY DAMAGES WHATSOEVER ARISING FROM USE OF THE SAMPLE CODE, INCLUDING WITHOUT LIMITATION DIRECT, SPECIAL, INCIDENTAL, PUNITIVE, CONSEQUENTIAL OR OTHER DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Although the copyright in the code belongs to Citrix, any distribution of the sample code should include only your own standard copyright attribution, and not that of Citrix. You agree to indemnify and defend Citrix against any and all claims arising from your use, modification or distribution of the sample code.
