Infoblox’s global team of threat hunters uncovers a DNS operation with the ability to bypass traditional security measures and control the Great Firewall of China. Read about “Muddling Meerkat” and the many other threat actors discovered by Infoblox Threat Intel here.



DTC with HTTPS pool monitor issue

New Member
Posts: 2
2557     0

Hi Community,


I have one DTC record with pool that is monitored via simple tcp_https health monitor. Pool members are in fact Pulse Secure VPN gateways with enabled health checking URI (

GET returns HTTP code 200 with simple HTML page with additional information which I would like to evaluate via health monitor. Response is smaller then 1k Bytes.


Once feature is enabled on Pulse Secure response looks more or less like this:

"HTTP/1.1 200 Connection Established
Content-Type: text/html; charset=utf-8
Connection: Keep-Alive
Keep-Alive: timeout=15
Pragma: no-cache
Cache-Control: no-store
Expires: -1
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1
Strict-Transport-Security: max-age=31536000"


with simple HTML page:

Health check details:



I am intested in line MAX-LICENSED-USERS-REACHED=[NO/YES] based on that line once number of users will hit license limit I can stop forwarding new users towards that gateway in pool.


First I have created new health monitor to at least catch http code 200 and this works perfect.

Protocol Tab:


Use HTTPS: checked

Request/Response Tab:

HTTP Request: get /dana-na/healthcheck/healthcheck.cgi?status=all http/1.1 host: <IP>

Response Code Check: A valid response code "equals" 200


Test HTTP Health Monitor - IPv4 Test Result: Success - The health criteria ware met.


Then I have tried to extend this new http monitor with aditional evaulaton of response:

Search for the string in response content section

Search in: body


The content is valid if the regular expression is: "found"


Unfortunatelly I was failing with test status: "An error occured while connecting to the DTC server" all the time...


So I started to experiment with different settings and I have found that I am able to evaluate response content only when option "Search in" is set for "Headers". Of course I will not find in headers my precious MAX-LICENSED-USERS-REACHED=NO but at least I could verify if this feature works at all. So as an example I had no issues with looking for SAMEORIGIN string when search in is set to "Headers". Unfortunatelly whenever I try to search various strings or even reg exp. ".*" in  "body" or even "both the heather and body" I am getting same error message "An error occured while connecting to the DTC server".

It is strange as I should at least get same results while looking for SAMEORIGIN string for Search in set to "Headers" and "Both the headers and body" but it is not the case.


HTTP monitor configuration page informs about limit of search in first 5 kB but again Pulse Secure response is much much smaller then that.


I am running code 8.2.7. I have valid support but once NOC tried to open a case with our "support provider" the only response we got was - go to code 8.3.8, 8.4.8 or 8.5.2. The problem is I do not even know if in those versions my problem was solved... Does anyone had similar problem or at least can confirm it this functionallity was fixed in newer NIOS releases?






Re: DTC with HTTPS pool monitor issue

New Member
Posts: 2
2558     0

I will probably answer to my own question...


NIOS-68277 Major
The response content check for the DTC HTTPS health monitor did not work as expected.

Showing results for 
Search instead for 
Did you mean: 

Recommended for You