Geek Answers Handbook

Aws load balancer without a health check? or make it work with a non-200 response?

I have a site that I am trying to connect to a load balancer that requires basic authentication. It does not check performance. I assume this is because instead of returning 200, it returns 401.

Similarly, I have another site that is trying to redirect. Therefore, instead of returning 200, it returns 302. And again, this is seen as a failure of the health check. (Why do I want to have load balancing in front of something that just redirects? Due to goofy client requirements, here's why!)

I don’t see the possibility to disable the health check or tell the health checker the answer to a question other than 200, or tell him that he must provide credentials for authentication or ... in any way these problems.

+7
amazon-web-services load-balancing
source share
3 answers

Two alternatives:

  • Configure a specific health check URL that sends non-200 responses when the service is really having problems (eb no connection connection).

  • Change the Ping protocol to TCP in the ELB configuration. That way, it will only check for a successful tcp connection and not make an HTTP request.

+15
source share

If someone else encounters this, you can now set the list of valid response codes in the load balancing health check settings. I added 302 and get a successful response.

+7
source share

This can help you get 200 responses from the backend on the ELB with a health check on the URL on the web page under basic auth. (applies to Apache web servers)
https://www.electrictoolbox.com/apache-password-protection-allow-user-agent/
http://naruzo.typepad.com/blog/2011/01/amazon-ec2-elastic-load-balancing-elb.html

An additional Apache filter to limit health checks by the IP range of your VPC can increase security (see the SetEnvIfExpr Directive section in the link below) https://httpd.apache.org/docs/2.4/mod/mod_setenvif.html

Unfortunately, the Classic ELB still does not support checking a status code other than 200, so if you want this change to be converted, for example, into an ELB application

Creating a separate web page without authentication may also help, but in some cases you may need to check the server’s functionality based on the production website (or any real product page) (in case you have constant deployments, etc. affect your high availability when Apache or another web server is available and still listens on a port or opens a test page, but for some reason the product web page is not available on the machine)

0
source share

More articles:


All Articles