Healthcheck Profiles

The Healthchecks tab (under Web Applications) is where you manage healthcheck profiles.

Create healthcheck profiles to monitor application’s availability against your web servers (containers). You'll choose one healthcheck profile per Web Application. It will be executed against all the web servers listed in the server pool, or against all containers spawned from the docker image ID, according to a user-defined frequency. If one backend web server (container) fails the healthcheck after X attempts, it will be considered down and no request will be steered to it until the service is back. Meanwhile, the firewall will keep probing the backend.

Consequently, if all backend web servers (containers) fail the healthcheck, they will all be considered as down by the firewall, thus leading to application unavailability – meaning the WAF will stop forwarding the traffic on server-side. Instead, it will respond to the client with a user-defined HTTP response code. This “failure response code” is set within the Web Application itself, in the Application tab.

Health check creation wizard: path for performing health check.

While creating a healthcheck profile, specify the preferred HTTP method to query the application, the URL path to be checked, and the response code returned for success.

A standard healthcheck would verify anything (file or folder) available after the /.

You can also specify the “up” and “down” intervals and occurrences to fix the frequency of the probes, along with the amount of successes or failures before changing backend web server’s status. Based on the healthcheck result, the server status is set to active or inactive.

Interval and Occurrences settings for performing health checks.

Good to Know

As per the default settings, a healthcheck request is sent every 15 seconds when the server (container) is up. The healthcheck passes if it receives the expected response code. After 3 consecutive failures, the server is set to inactive.

A healthcheck request is sent every 5 seconds when the server (container) is down (inactive). After 3 consecutive successes, the server is set to active. A healthcheck request is sent every 10 seconds if the server is flapping (alternates between up and down).

A healthcheck request will timeout if it does not receive response within 15 seconds. In this case the healthcheck is marked as failed.

Web site requests are then assigned to the active server, thereby helping you to load balance traffic between multiple servers defined in the server pool.

You can view the healthcheck status for all servers covered by an appliance. Simply go to WAF Appliances > WAF Appliances, and then select an appliance to view the healthcheck information.