summaryrefslogtreecommitdiffstats
path: root/plugins/check_curl.c
diff options
context:
space:
mode:
Diffstat (limited to 'plugins/check_curl.c')
-rw-r--r--plugins/check_curl.c153
1 files changed, 118 insertions, 35 deletions
diff --git a/plugins/check_curl.c b/plugins/check_curl.c
index 1dec8a2a..f63cdea2 100644
--- a/plugins/check_curl.c
+++ b/plugins/check_curl.c
@@ -120,6 +120,14 @@ mp_state_enum np_net_ssl_check_certificate(X509 *certificate, int days_till_exp_
120#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */ 120#endif /* defined(HAVE_SSL) && defined(USE_OPENSSL) */
121 121
122int main(int argc, char **argv) { 122int main(int argc, char **argv) {
123#ifdef __OpenBSD__
124 /* - rpath is required to read --extra-opts, CA and/or client certs
125 * - wpath is required to write --cookie-jar (possibly given up later)
126 * - inet is required for sockets
127 * - dns is required for name lookups */
128 pledge("stdio rpath wpath inet dns", NULL);
129#endif // __OpenBSD__
130
123 setlocale(LC_ALL, ""); 131 setlocale(LC_ALL, "");
124 bindtextdomain(PACKAGE, LOCALEDIR); 132 bindtextdomain(PACKAGE, LOCALEDIR);
125 textdomain(PACKAGE); 133 textdomain(PACKAGE);
@@ -135,6 +143,15 @@ int main(int argc, char **argv) {
135 143
136 const check_curl_config config = tmp_config.config; 144 const check_curl_config config = tmp_config.config;
137 145
146#ifdef __OpenBSD__
147 if (!config.curl_config.cookie_jar_file) {
148 if (verbose >= 2) {
149 printf(_("* No \"--cookie-jar\" is used, giving up \"wpath\" pledge(2)\n"));
150 }
151 pledge("stdio rpath inet dns", NULL);
152 }
153#endif // __OpenBSD__
154
138 if (config.output_format_is_set) { 155 if (config.output_format_is_set) {
139 mp_set_format(config.output_format); 156 mp_set_format(config.output_format);
140 } 157 }
@@ -222,10 +239,35 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state
222 // ============== 239 // ==============
223 CURLcode res = curl_easy_perform(curl_state.curl); 240 CURLcode res = curl_easy_perform(curl_state.curl);
224 241
242 if (verbose > 1) {
243 printf("* curl_easy_perform returned: %s\n", curl_easy_strerror(res));
244 }
245
225 if (verbose >= 2 && workingState.http_post_data) { 246 if (verbose >= 2 && workingState.http_post_data) {
226 printf("**** REQUEST CONTENT ****\n%s\n", workingState.http_post_data); 247 printf("**** REQUEST CONTENT ****\n%s\n", workingState.http_post_data);
227 } 248 }
228 249
250 // curl_state is updated after curl_easy_perform, and with updated curl_state certificate checks can be done
251 // Check_http tries to check certs as early as possible, and exits with certificate check result by default. Behave similarly.
252#ifdef LIBCURL_FEATURE_SSL
253 if (workingState.use_ssl && config.check_cert) {
254 if (verbose > 1) {
255 printf("* adding a subcheck for the certificate\n");
256 }
257 mp_subcheck sc_certificate = check_curl_certificate_checks(
258 curl_state.curl, cert, config.days_till_exp_warn, config.days_till_exp_crit);
259
260 mp_add_subcheck_to_subcheck(&sc_result, sc_certificate);
261 if (!config.continue_after_check_cert) {
262 if (verbose > 1) {
263 printf("* returning after adding the subcheck for certificate, continuing after "
264 "checking the certificate is turned off\n");
265 }
266 return sc_result;
267 }
268 }
269#endif
270
229 mp_subcheck sc_curl = mp_subcheck_init(); 271 mp_subcheck sc_curl = mp_subcheck_init();
230 272
231 /* Curl errors, result in critical Nagios state */ 273 /* Curl errors, result in critical Nagios state */
@@ -266,18 +308,6 @@ mp_subcheck check_http(const check_curl_config config, check_curl_working_state
266 // Evaluation 308 // Evaluation
267 // ========== 309 // ==========
268 310
269#ifdef LIBCURL_FEATURE_SSL
270 if (workingState.use_ssl && config.check_cert) {
271 mp_subcheck sc_certificate = check_curl_certificate_checks(
272 curl_state.curl, cert, config.days_till_exp_warn, config.days_till_exp_crit);
273
274 mp_add_subcheck_to_subcheck(&sc_result, sc_certificate);
275 if (!config.continue_after_check_cert) {
276 return sc_result;
277 }
278 }
279#endif
280
281 /* we got the data and we executed the request in a given time, so we can append 311 /* we got the data and we executed the request in a given time, so we can append
282 * performance data to the answer always 312 * performance data to the answer always
283 */ 313 */
@@ -857,7 +887,8 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
857 COOKIE_JAR, 887 COOKIE_JAR,
858 HAPROXY_PROTOCOL, 888 HAPROXY_PROTOCOL,
859 STATE_REGEX, 889 STATE_REGEX,
860 OUTPUT_FORMAT 890 OUTPUT_FORMAT,
891 NO_PROXY,
861 }; 892 };
862 893
863 static struct option longopts[] = { 894 static struct option longopts[] = {
@@ -872,6 +903,8 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
872 {"url", required_argument, 0, 'u'}, 903 {"url", required_argument, 0, 'u'},
873 {"port", required_argument, 0, 'p'}, 904 {"port", required_argument, 0, 'p'},
874 {"authorization", required_argument, 0, 'a'}, 905 {"authorization", required_argument, 0, 'a'},
906 {"proxy", required_argument, 0, 'x'},
907 {"noproxy", required_argument, 0, NO_PROXY},
875 {"proxy-authorization", required_argument, 0, 'b'}, 908 {"proxy-authorization", required_argument, 0, 'b'},
876 {"header-string", required_argument, 0, 'd'}, 909 {"header-string", required_argument, 0, 'd'},
877 {"string", required_argument, 0, 's'}, 910 {"string", required_argument, 0, 's'},
@@ -944,7 +977,7 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
944 977
945 while (true) { 978 while (true) {
946 int option_index = getopt_long( 979 int option_index = getopt_long(
947 argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NEB", 980 argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:x:b:d:e:p:s:R:r:u:f:C:J:K:DnlLS::m:M:NEB",
948 longopts, &option); 981 longopts, &option);
949 if (option_index == -1 || option_index == EOF || option_index == 1) { 982 if (option_index == -1 || option_index == EOF || option_index == 1) {
950 break; 983 break;
@@ -973,7 +1006,7 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
973 case 'c': /* critical time threshold */ 1006 case 'c': /* critical time threshold */
974 { 1007 {
975 mp_range_parsed critical_range = mp_parse_range_string(optarg); 1008 mp_range_parsed critical_range = mp_parse_range_string(optarg);
976 if (critical_range.error != MP_PARSING_SUCCES) { 1009 if (critical_range.error != MP_PARSING_SUCCESS) {
977 die(STATE_UNKNOWN, "failed to parse critical threshold: %s", optarg); 1010 die(STATE_UNKNOWN, "failed to parse critical threshold: %s", optarg);
978 } 1011 }
979 result.config.thlds = mp_thresholds_set_crit(result.config.thlds, critical_range.range); 1012 result.config.thlds = mp_thresholds_set_crit(result.config.thlds, critical_range.range);
@@ -982,7 +1015,7 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
982 { 1015 {
983 mp_range_parsed warning_range = mp_parse_range_string(optarg); 1016 mp_range_parsed warning_range = mp_parse_range_string(optarg);
984 1017
985 if (warning_range.error != MP_PARSING_SUCCES) { 1018 if (warning_range.error != MP_PARSING_SUCCESS) {
986 die(STATE_UNKNOWN, "failed to parse warning threshold: %s", optarg); 1019 die(STATE_UNKNOWN, "failed to parse warning threshold: %s", optarg);
987 } 1020 }
988 result.config.thlds = mp_thresholds_set_warn(result.config.thlds, warning_range.range); 1021 result.config.thlds = mp_thresholds_set_warn(result.config.thlds, warning_range.range);
@@ -1032,6 +1065,10 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
1032 strncpy(result.config.curl_config.user_auth, optarg, MAX_INPUT_BUFFER - 1); 1065 strncpy(result.config.curl_config.user_auth, optarg, MAX_INPUT_BUFFER - 1);
1033 result.config.curl_config.user_auth[MAX_INPUT_BUFFER - 1] = 0; 1066 result.config.curl_config.user_auth[MAX_INPUT_BUFFER - 1] = 0;
1034 break; 1067 break;
1068 case 'x': /* proxy info */
1069 strncpy(result.config.curl_config.proxy, optarg, DEFAULT_BUFFER_SIZE - 1);
1070 result.config.curl_config.proxy[DEFAULT_BUFFER_SIZE - 1] = 0;
1071 break;
1035 case 'b': /* proxy-authorization info */ 1072 case 'b': /* proxy-authorization info */
1036 strncpy(result.config.curl_config.proxy_auth, optarg, MAX_INPUT_BUFFER - 1); 1073 strncpy(result.config.curl_config.proxy_auth, optarg, MAX_INPUT_BUFFER - 1);
1037 result.config.curl_config.proxy_auth[MAX_INPUT_BUFFER - 1] = 0; 1074 result.config.curl_config.proxy_auth[MAX_INPUT_BUFFER - 1] = 0;
@@ -1248,7 +1285,7 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
1248 result.config.curl_config.sin_family = AF_INET; 1285 result.config.curl_config.sin_family = AF_INET;
1249 break; 1286 break;
1250 case '6': 1287 case '6':
1251#if defined(USE_IPV6) && defined(LIBCURL_FEATURE_IPV6) 1288#if defined(LIBCURL_FEATURE_IPV6)
1252 result.config.curl_config.sin_family = AF_INET6; 1289 result.config.curl_config.sin_family = AF_INET6;
1253#else 1290#else
1254 usage4(_("IPv6 support not available")); 1291 usage4(_("IPv6 support not available"));
@@ -1258,7 +1295,7 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
1258 { 1295 {
1259 mp_range_parsed foo = mp_parse_range_string(optarg); 1296 mp_range_parsed foo = mp_parse_range_string(optarg);
1260 1297
1261 if (foo.error != MP_PARSING_SUCCES) { 1298 if (foo.error != MP_PARSING_SUCCESS) {
1262 die(STATE_CRITICAL, "failed to parse page size limits: %s", optarg); 1299 die(STATE_CRITICAL, "failed to parse page size limits: %s", optarg);
1263 } 1300 }
1264 1301
@@ -1327,6 +1364,10 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
1327 case HAPROXY_PROTOCOL: 1364 case HAPROXY_PROTOCOL:
1328 result.config.curl_config.haproxy_protocol = true; 1365 result.config.curl_config.haproxy_protocol = true;
1329 break; 1366 break;
1367 case NO_PROXY:
1368 strncpy(result.config.curl_config.no_proxy, optarg, DEFAULT_BUFFER_SIZE - 1);
1369 result.config.curl_config.no_proxy[DEFAULT_BUFFER_SIZE - 1] = 0;
1370 break;
1330 case '?': 1371 case '?':
1331 /* print short usage statement if args not parsable */ 1372 /* print short usage statement if args not parsable */
1332 usage5(); 1373 usage5();
@@ -1354,35 +1395,35 @@ check_curl_config_wrapper process_arguments(int argc, char **argv) {
1354 * parameters, like -S and -C combinations */ 1395 * parameters, like -S and -C combinations */
1355 result.config.curl_config.ssl_version = CURL_SSLVERSION_DEFAULT; 1396 result.config.curl_config.ssl_version = CURL_SSLVERSION_DEFAULT;
1356 if (tls_option_optarg != NULL) { 1397 if (tls_option_optarg != NULL) {
1357 char *plus_ptr = strchr(optarg, '+'); 1398 char *plus_ptr = strchr(tls_option_optarg, '+');
1358 if (plus_ptr) { 1399 if (plus_ptr) {
1359 got_plus = true; 1400 got_plus = true;
1360 *plus_ptr = '\0'; 1401 *plus_ptr = '\0';
1361 } 1402 }
1362 1403
1363 if (optarg[0] == '2') { 1404 if (tls_option_optarg[0] == '2') {
1364 result.config.curl_config.ssl_version = CURL_SSLVERSION_SSLv2; 1405 result.config.curl_config.ssl_version = CURL_SSLVERSION_SSLv2;
1365 } else if (optarg[0] == '3') { 1406 } else if (tls_option_optarg[0] == '3') {
1366 result.config.curl_config.ssl_version = CURL_SSLVERSION_SSLv3; 1407 result.config.curl_config.ssl_version = CURL_SSLVERSION_SSLv3;
1367 } else if (!strcmp(optarg, "1") || !strcmp(optarg, "1.0")) { 1408 } else if (!strcmp(tls_option_optarg, "1") || !strcmp(tls_option_optarg, "1.0")) {
1368#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) 1409#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1369 result.config.curl_config.ssl_version = CURL_SSLVERSION_TLSv1_0; 1410 result.config.curl_config.ssl_version = CURL_SSLVERSION_TLSv1_0;
1370#else 1411#else
1371 result.config.ssl_version = CURL_SSLVERSION_DEFAULT; 1412 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
1372#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ 1413#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1373 } else if (!strcmp(optarg, "1.1")) { 1414 } else if (!strcmp(tls_option_optarg, "1.1")) {
1374#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) 1415#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1375 result.config.curl_config.ssl_version = CURL_SSLVERSION_TLSv1_1; 1416 result.config.curl_config.ssl_version = CURL_SSLVERSION_TLSv1_1;
1376#else 1417#else
1377 result.config.ssl_version = CURL_SSLVERSION_DEFAULT; 1418 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
1378#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ 1419#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1379 } else if (!strcmp(optarg, "1.2")) { 1420 } else if (!strcmp(tls_option_optarg, "1.2")) {
1380#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) 1421#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0)
1381 result.config.curl_config.ssl_version = CURL_SSLVERSION_TLSv1_2; 1422 result.config.curl_config.ssl_version = CURL_SSLVERSION_TLSv1_2;
1382#else 1423#else
1383 result.config.ssl_version = CURL_SSLVERSION_DEFAULT; 1424 result.config.ssl_version = CURL_SSLVERSION_DEFAULT;
1384#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */ 1425#endif /* LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 34, 0) */
1385 } else if (!strcmp(optarg, "1.3")) { 1426 } else if (!strcmp(tls_option_optarg, "1.3")) {
1386#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0) 1427#if LIBCURL_VERSION_NUM >= MAKE_LIBCURL_VERSION(7, 52, 0)
1387 result.config.curl_config.ssl_version = CURL_SSLVERSION_TLSv1_3; 1428 result.config.curl_config.ssl_version = CURL_SSLVERSION_TLSv1_3;
1388#else 1429#else
@@ -1505,8 +1546,8 @@ void print_help(void) {
1505 printf(" %s\n", "-I, --IP-address=ADDRESS"); 1546 printf(" %s\n", "-I, --IP-address=ADDRESS");
1506 printf(" %s\n", 1547 printf(" %s\n",
1507 "IP address or name (use numeric address if possible to bypass DNS lookup)."); 1548 "IP address or name (use numeric address if possible to bypass DNS lookup).");
1508 printf(" %s\n", "This overwrites the network address of the target while leaving everything " 1549 printf(" %s\n",
1509 "else (HTTP headers) as they are"); 1550 "This overwrites the network address of the target while leaving everything else (HTTP headers) as they are");
1510 printf(" %s\n", "-p, --port=INTEGER"); 1551 printf(" %s\n", "-p, --port=INTEGER");
1511 printf(" %s", _("Port number (default: ")); 1552 printf(" %s", _("Port number (default: "));
1512 printf("%d)\n", HTTP_PORT); 1553 printf("%d)\n", HTTP_PORT);
@@ -1570,8 +1611,7 @@ void print_help(void) {
1570 printf(" %s\n", _("String to expect in the content")); 1611 printf(" %s\n", _("String to expect in the content"));
1571 printf(" %s\n", "-u, --url=PATH"); 1612 printf(" %s\n", "-u, --url=PATH");
1572 printf(" %s\n", _("URL to GET or POST (default: /)")); 1613 printf(" %s\n", _("URL to GET or POST (default: /)"));
1573 printf(" %s\n", _("This is the part after the address in a URL, so for " 1614 printf(" %s\n", _("This is the part after the address in a URL, so for \"https://example.com/index.html\" it would be '-u /index.html'"));
1574 "\"https://example.com/index.html\" it would be '-u /index.html'"));
1575 printf(" %s\n", "-P, --post=STRING"); 1615 printf(" %s\n", "-P, --post=STRING");
1576 printf(" %s\n", _("URL decoded http POST data")); 1616 printf(" %s\n", _("URL decoded http POST data"));
1577 printf(" %s\n", 1617 printf(" %s\n",
@@ -1597,6 +1637,18 @@ void print_help(void) {
1597 printf(" %s\n", "--state-regex=STATE"); 1637 printf(" %s\n", "--state-regex=STATE");
1598 printf(" %s\n", _("Return STATE if regex is found, OK if not. STATE can be one of " 1638 printf(" %s\n", _("Return STATE if regex is found, OK if not. STATE can be one of "
1599 "\"critical\",\"warning\"")); 1639 "\"critical\",\"warning\""));
1640 printf(" %s\n", "-x, --proxy=PROXY_SERVER");
1641 printf(" %s\n", _("Specify the proxy in form of <scheme>://<host(name)>:<port>"));
1642 printf(" %s\n", _("Available schemes are http, https, socks4, socks4a, socks5, socks5h"));
1643 printf(" %s\n", _("If port is not specified, libcurl defaults to 1080"));
1644 printf(" %s\n", _("This value will be set as CURLOPT_PROXY"));
1645 printf(" %s\n", "--noproxy=COMMA_SEPARATED_LIST");
1646 printf(" %s\n", _("Specify hostnames, addresses and subnets where proxy should not be used"));
1647 printf(" %s\n", _("Example usage: \"example.com,::1,1.1.1.1,localhost,192.168.0.0/16\""));
1648 printf(" %s\n", _("Do not use brackets when specifying IPv6 addresses"));
1649 printf(" %s\n", _("Special case when an item is '*' : matches all hosts/addresses "
1650 "and effectively disables proxy."));
1651 printf(" %s\n", _("This value will be set as CURLOPT_NOPROXY"));
1600 printf(" %s\n", "-a, --authorization=AUTH_PAIR"); 1652 printf(" %s\n", "-a, --authorization=AUTH_PAIR");
1601 printf(" %s\n", _("Username:password on sites with basic authentication")); 1653 printf(" %s\n", _("Username:password on sites with basic authentication"));
1602 printf(" %s\n", "-b, --proxy-authorization=AUTH_PAIR"); 1654 printf(" %s\n", "-b, --proxy-authorization=AUTH_PAIR");
@@ -1705,10 +1757,39 @@ void print_help(void) {
1705#endif 1757#endif
1706 1758
1707 printf("\n %s\n", "CHECK WEBSERVER CONTENT VIA PROXY:"); 1759 printf("\n %s\n", "CHECK WEBSERVER CONTENT VIA PROXY:");
1708 printf(" %s\n", _("It is recommended to use an environment proxy like:")); 1760 printf(" %s\n", _("Proxies are specified or disabled for certain hosts/addresses using environment variables"
1709 printf(" %s\n", 1761 " or -x/--proxy and --noproxy arguments:"));
1710 _("http_proxy=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org")); 1762 printf(" %s\n", _("Checked environment variables: all_proxy, http_proxy, https_proxy, no_proxy"));
1711 printf(" %s\n", _("legacy proxy requests in check_http style still work:")); 1763 printf(" %s\n", _("Environment variables can also be given in uppercase, but the lowercase ones will "
1764 "take predence if both are defined."));
1765 printf(" %s\n", _("The environment variables are overwritten by -x/--proxy and --noproxy arguments:"));
1766 printf(" %s\n", _("all_proxy/ALL_PROXY environment variables are read first, but protocol "
1767 "specific environment variables override them."));
1768 printf(" %s\n", _("If SSL is enabled and used, https_proxy/HTTPS_PROXY will be checked and overwrite "
1769 "http_proxy/HTTPS_PROXY."));
1770 printf(" %s\n", _("Curl accepts proxies using http, https, socks4, socks4a, socks5 and socks5h schemes."));
1771 printf(" %s\n", _("http_proxy=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org"));
1772 printf(" %s\n", _("http_proxy=http://used.proxy.com HTTP_PROXY=http://ignored.proxy.com ./check_curl -H www.monitoring-plugins.org"));
1773 printf(" %s\n", _(" Lowercase http_proxy takes predence over uppercase HTTP_PROXY"));
1774 printf(" %s\n", _("./check_curl -H www.monitoring-plugins.org -x http://192.168.100.35:3128"));
1775 printf(" %s\n", _("http_proxy=http://unused.proxy1.com HTTP_PROXY=http://unused.proxy2.com ./check_curl "
1776 "-H www.monitoring-plugins.org --proxy http://used.proxy"));
1777 printf(" %s\n", _(" Proxy specified by --proxy overrides any proxy specified by environment variable."));
1778 printf(" %s\n", _(" Curl uses port 1080 by default as port is not specified"));
1779 printf(" %s\n", _("HTTPS_PROXY=http://192.168.100.35:3128 ./check_curl -H www.monitoring-plugins.org --ssl"));
1780 printf(" %s\n", _(" HTTPS_PROXY is read as --ssl is toggled"));
1781 printf(" %s\n", _("./check_curl -H www.monitoring-plugins.org --proxy socks5h://192.168.122.21"));
1782 printf(" %s\n", _("./check_curl -H www.monitoring-plugins.org -x http://unused.proxy.com --noproxy '*'"));
1783 printf(" %s\n", _(" Disabled proxy for all hosts by using '*' in no_proxy ."));
1784 printf(" %s\n", _("NO_PROXY=www.monitoring-plugins.org ./check_curl -H www.monitoring-plugins.org -x http://unused.proxy.com"));
1785 printf(" %s\n", _(" Exact matches with the hostname/address work."));
1786 printf(" %s\n", _("no_proxy=192.168.178.0/24 ./check_curl -I 192.168.178.10 -x http://proxy.acme.org"));
1787 printf(" %s\n", _("no_proxy=acme.org ./check_curl -H nonpublic.internalwebapp.acme.org -x http://proxy.acme.org"));
1788 printf(" %s\n", _(" Do not use proxy when accessing internal domains/addresses, but use a default proxy when accessing public web."));
1789 printf(" %s\n", _(" IMPORTANT: Check_curl can not always determine whether itself or the proxy will "
1790 "resolve a hostname before sending a request and getting an answer."
1791 "This can lead to DNS resolvation issues if hostname is only resolvable over proxy."));
1792 printf(" %s\n", _("Legacy proxy requests in check_http style still work:"));
1712 printf(" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u http://www.monitoring-plugins.org/ " 1793 printf(" %s\n", _("check_curl -I 192.168.100.35 -p 3128 -u http://www.monitoring-plugins.org/ "
1713 "-H www.monitoring-plugins.org")); 1794 "-H www.monitoring-plugins.org"));
1714 1795
@@ -1739,13 +1820,15 @@ void print_usage(void) {
1739 printf(" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n", progname); 1820 printf(" %s -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]\n", progname);
1740 printf(" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate " 1821 printf(" [-J <client certificate file>] [-K <private key>] [--ca-cert <CA certificate "
1741 "file>] [-D]\n"); 1822 "file>] [-D]\n");
1742 printf(" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-a auth]\n"); 1823 printf(" [-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-E] [-x <proxy>]\n");
1743 printf(" [-b proxy_auth] [-f <ok|warning|critical|follow|sticky|stickyport|curl>]\n"); 1824 printf(" [-a auth] [-b proxy_auth] [-f "
1825 "<ok|warning|critical|follow|sticky|stickyport|curl>]\n");
1744 printf(" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive " 1826 printf(" [-e <expect>] [-d string] [-s string] [-l] [-r <regex> | -R <case-insensitive "
1745 "regex>]\n"); 1827 "regex>]\n");
1746 printf(" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n"); 1828 printf(" [-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]\n");
1747 printf(" [-A string] [-k string] [-S <version>] [--sni] [--haproxy-protocol]\n"); 1829 printf(" [-A string] [-k string] [-S <version>] [--sni] [--haproxy-protocol]\n");
1748 printf(" [-T <content-type>] [-j method]\n"); 1830 printf(" [-T <content-type>] [-j method]\n");
1831 printf(" [--noproxy=<comma separated list of hosts, IP addresses, IP CIDR subnets>\n");
1749 printf(" [--http-version=<version>] [--enable-automatic-decompression]\n"); 1832 printf(" [--http-version=<version>] [--enable-automatic-decompression]\n");
1750 printf(" [--cookie-jar=<cookie jar file>\n"); 1833 printf(" [--cookie-jar=<cookie jar file>\n");
1751 printf(" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n", progname); 1834 printf(" %s -H <vhost> | -I <IP-address> -C <warn_age>[,<crit_age>]\n", progname);