[Nagiosplug-devel] check_http fails to redirect to secure sites

Frank Bulk frnkblk at iname.com
Sun Mar 11 22:10:45 CET 2012



Thanks for investigating.  It sounds like you already understand the
problem.  Do you think it's a load balancer they have sitting in front of
their site?


I agree, there are few sites that work this way, but if you would be willing
to make check_http a bit more flexible you could get it thoroughly against
Sprint's site. =)  




From: Thomas Guyot-Sionnest [mailto:dermoth at aei.ca] 
Sent: Tuesday, March 06, 2012 12:29 AM
To: Nagios Plugin Development Mailing List
Cc: Frank Bulk
Subject: Re: [Nagiosplug-devel] check_http fails to redirect to secure sites


Hash: SHA1

On 12-02-23 11:28 PM, Frank Bulk wrote:

      > Starting this morning two of the sites I monitor failed, 

      > www.sprint.net  <http://www.sprint.net> <http://www.sprint.net> and


      >  <http://www.sprintv6.net> <http://www.sprintv6.net>. After some
testing it?s

      become clear to

      > me that check_http doesn?t currently redirect to secure

      sites, even

      > with the use of the '-f follow' command. I guess Sprint

      turned on

      > redirection to the secure version this morning.


      > Not sure whether to call this a bug or working-as-designed,

      but I?m

      > request the follow feature be enhanced to allow redirection

      to the

      > secure version of host.


      > I'm running check_http version 1.4.15.


      > Here's a copy of my tests:







      > nagios:/etc/nagios3# /usr/lib/nagios/plugins/check_http -H


      > www.sprint.net  <http://www.sprint.net> <http://www.sprint.net> -4


      > CRITICAL - Socket timeout after 10 seconds


      > nagios:/etc/nagios3#


This actually has to do with www.sprint.net not honoring the
"Connection: close" header and leaving the socket open. check_http
currently doesn't rely on the "Content-Length:" header to determine
when the request is complete, it rather insert a "Connection: close"
header in the request and wait for the remote server to close the
socket - if the remote leaves the connection open check_http times out.

So that could be a feature request - however there is so few
devices/webservers working this way that I'm wondering if it's even
valid according to the RFC's - I'd have to check.


- -- 
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20120311/2ee1fa48/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6517 bytes
Desc: not available
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20120311/2ee1fa48/attachment.bin>

More information about the Devel mailing list