Question
A load balancer has to do a periodic check to see if the balanced devices in the pool are still available. This can be done using various methods.
The two most used are a real web request (http GET) through the proxy or a TCP handshake on the proxy port.
The TCP handshake is simpler but also limited. A port can still be listening while the daemon that handles the traffic is not functioning anymore.
So the real web request is more sophisticated and can tell you if the proxy process is still running correctly.
Answer
When you would like to do a real check using a URL, you could in fact use any valid URL and expect a HTTP 200 (OK) response.
However, with multiple scanners and multiple checks per second this could have a severe impact on the serving web server.
Therefore it is better to use a non-existing URL that is in a blacklist and blocked by the security policy.
This would return a 403 (Forbidden) response and also provides enough info to conclude that the proxy and scanning process is running correctly.
Vital Security already has a pre-defined URL in a (hidden) blacklist for these purposes.
The URL is; http://host/Vital.Security.Health.Check/
Software Version
8.4.x
8.5.0
- This article applies to:
- NG 1000
- NG 5000
- NG 6000
- NG 8000
- This article was previously published as:
- Finjan KB 1610