18

I have a site I am trying to attach to a load balancer that requires Basic Authentication. It fails the health check. I'm guessing this is because instead of returning a 200 it's returning a 401.

Similarly, I have another site that is trying to do a redirect. So instead of returning a 200 it's returning a 302. And again, this is treated as a failure by the health check. (Why do I want to have a load balancer in front of something that just redirects? Because of goofy client requirements, that's why!)

I don't see any way to just disable the health check, or to tell the health checker to accept a response other than a 200, or to tell it to supply authentication credentials, or ... any way around either of these problems.

Jay
  • 26,876
  • 10
  • 61
  • 112

3 Answers3

23

Two alternatives:

  • Configure a specific url for the health check, one that only sends non-200 responses when the service is really having problems (e.b. no database connection).

  • Change the Ping Protocol to TCP in the ELB configuration. That way it will only check for a sucessful tcp connection and not perform an http request.

Julio Faerman
  • 13,228
  • 9
  • 57
  • 75
18

If anyone else comes across this, you can now set a list of valid response codes in the load balancer health check settings. I added 302 and get a success reply now.

Si-N
  • 1,495
  • 1
  • 13
  • 27
  • 1
    This is a more current, correct answer in 2017. For me it was responding to the 401 as a successful health check, and adding it alongside 200 worked perfectly in the Healthcheck configuration. – Scott Byers Apr 27 '17 at 21:03
  • 1
    One additional note for anyone coming across this: It doesn't appear that you can reconfigure an existing ELB to accept other HTTP codes as successful, but rather you'll have to create a new ELB and set the HTTP codes to accept there. – Alex W Aug 15 '17 at 18:48
1

This might help you to get 200 response from backend to ELB with health check on url on web page under basic auth. (relates to Apache web servers)
https://www.electrictoolbox.com/apache-password-protection-allow-user-agent/
http://naruzo.typepad.com/blog/2011/01/amazon-ec2-elastic-load-balancing-elb.html

Additional filter on Apache to restrict health check by IP range of your VPC might increase security (SetEnvIfExpr Directive section in link below) https://httpd.apache.org/docs/2.4/mod/mod_setenvif.html

Also unfortunately Classic ELB still does not support status code check other than 200 so if you want this change you might convert to e.g Application ELB

Creation of separate web page without authentication might help also, but in some cases you might want to check health of the server relying on production (or any real product page) web site (in case you have constant deployments, etc those might affect your high availability when Apache or other web server is available and still listening on the port or opens test page but product web page is unavailable for some reason on machine)

aledra
  • 11
  • 1