Teams Protector Health Check

Owned by Meir Davis
Last updated: Mar 21, 2023
2 min read

What the Health Check Functionality Tests

  1. Bastion service is up
    Request will time out if service is down

  2. Teams Protector connectivity to DB

  3. Basic functioning of Ethical Wall

  4. Basic functioning of DLP

  5. Agat Internal Services API is functioning
    This is tested implicitly by testing EW + DLP

  6. Agat Client Modifications aren’t known to be broken (when sent to CDN or static script host)

  7. Bastion connectivity to internet

HTTP Response Codes

Code

Failure Type

 

Code

Failure Type

 

200

All OK

 

511

DB connectivity

 

512

Internet Connectivity

 

513

Client Modifications/ Script Injection

 

514

Ethical Wall API

 

515

DLP API

 

516

Health status set to negative using API

 

500

Miscellaneous

 

Sample Request

GET https://Agat-Bastion-Server/teams_protection/healthcheck/proxytest HTTP/1.1 Host: Agat-Bastion-Server User-Agent: MyLB

Sample Results

All OK

HTTP/1.1 200 SphereShield Content-Length: 147 Cache-Control: max-age=30, Public Content-Type: text/html Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-Content-Type-Options,Location,Cache-Control,Pragma,ContextId,Content-Length Access-Control-Allow-Origin: https://teams.microsoft.com Access-Control-Allow-Credentials: true Server: Bastion { "Server-Name": "AG-Bastion-1", "Version": "1.2.11.0", "rest_api": { "DLP": "ok", "EW": "ok" }, "scripts_injection": "ok", "sql": "ok", "teams_server": "OK" }

 

Agat Internal Services API Not functioning

HTTP/1.1 515 SphereShield Content-Length: 208 Cache-Control: max-age=30, Public Content-Type: text/html Content-Type: application/json; charset=utf-8 X-Content-Type-Options: nosniff Access-Control-Expose-Headers: X-Content-Type-Options,Location,Cache-Control,Pragma,ContextId,Content-Length Access-Control-Allow-Origin: https://teams.microsoft.com Access-Control-Allow-Credentials: true Server: Bastion { "Server-Name": "AG-Bastion-1", "Version": "1.2.11.0", "rest_api": { "DLP": "Failed to connect to DLP API", "EW": "failed to connect to Ethical Wall API" }, "scripts_injection": "ok", "sql": "ok", "teams_server": "OK" }

Health Check Options

URL

Type

URL

Type

teams_protection/healthcheck

Regular. Will give cached response if exists and is within 1 min of previous request

teams_protection/healthcheck/Force

Will always perform full health check (DLP, API, etc, ignoring cached response.

teams_protection/healthcheck/Simple

Returns 200 without checking DLP, API, Etc. Returns full response if cached.

teams_protection/healthcheck/NoProxyCheck

If no cache available, skips checking proxy functionality when performing full check

teams_protection/healthcheck/Return200

Same as the regular check but will always return a 200 HTTP response status code even when there is an error. Errors will continue to be visible in json response. (Not implemented yet)

teams_protection/healthcheck/SetUnhealthy/<First 10 chars of DB Key>

All future health checks after this one will return a 516 response until Bastion is restarted. Intended for use if external monitoring detects issues.