Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

What the Health Check Functionality Tests

  1. Bastion service is up
    Request will time out if service is down

  2. Teams Protector connectivity to DB

  3. Basic functioning of Ethical Wall

  4. Basic functioning of DLP

  5. Agat Internal Services API is functioning
    This is tested implicitly by testing EW + DLP

  6. Agat Client Modifications aren’t known to be broken (when sent to CDN or static script host)

  7. Bastion connectivity to internet

HTTP Response Codes

Code

Failure Type

200

All OK

511

DB connectivity

512

Internet Connectivity

513

Client Modifications/ Script Injection

514

Ethical Wall API

515

DLP API

516

Health status set to negative using API

500

Miscellaneous

Sample Request

Code Block
languagehtml
GET https://Agat-Bastion-Server/teams_protection/healthcheck/proxytest HTTP/1.1
Host: Agat-Bastion-Server
User-Agent: MyLB 

Sample Results

All OK

Code Block
languagehtml
HTTP/1.1 200 SphereShield
Content-Length: 147
Cache-Control: max-age=30, Public
Content-Type: text/html
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-Content-Type-Options,Location,Cache-Control,Pragma,ContextId,Content-Length
Access-Control-Allow-Origin: https://teams.microsoft.com
Access-Control-Allow-Credentials: true
Server: Bastion

{
    "Server-Name": "AG-Bastion-1",
    "Version": "1.2.11.0",
    "rest_api": {
        "DLP": "ok",
        "EW": "ok"
    },
    "scripts_injection": "ok",
    "sql": "ok",
    "teams_server": "OK"
}

Agat Internal Services API Not functioning

Code Block
HTTP/1.1 515 SphereShield
Content-Length: 208
Cache-Control: max-age=30, Public
Content-Type: text/html
Content-Type: application/json; charset=utf-8
X-Content-Type-Options: nosniff
Access-Control-Expose-Headers: X-Content-Type-Options,Location,Cache-Control,Pragma,ContextId,Content-Length
Access-Control-Allow-Origin: https://teams.microsoft.com
Access-Control-Allow-Credentials: true
Server: Bastion

{
    "Server-Name": "AG-Bastion-1",
    "Version": "1.2.11.0",
    "rest_api": {
        "DLP": "Failed to connect to DLP API",
        "EW": "failed to connect to Ethical Wall API"
    },
    "scripts_injection": "ok",
    "sql": "ok",
    "teams_server": "OK"
}

Health Check Options

URL

Type

teams_protection/healthcheck

Regular. Will give cached response if exists and is within 1 min of previous request

teams_protection/healthcheck/Force

Will always perform full health check (DLP, API, etc, ignoring cached

responseJson

response.

teams_protection/healthcheck/Simple

Returns 200 without checking DLP, API, Etc. Returns full response if cached.

teams_protection/healthcheck/NoProxyCheck

If no cache available, skips checking proxy functionality when performing full check

teams_protection/healthcheck/Return200

Same as the regular check but will always return a 200 HTTP response status code even when there is an error. Errors will continue to be visible in json response. (Not implemented yet)

teams_protection/healthcheck/SetUnhealthy/<First 10 chars of DB Key>

All future health checks after this one will return a 516 response until Bastion is restarted. Intended for use if external monitoring detects issues.