From 09a2210c477932c8df40ff820414b3a9bbec10fb Mon Sep 17 00:00:00 2001 From: Rasp8e Date: Tue, 17 Oct 2017 15:19:43 +0200 Subject: Adding Proxy-Authorization and extra headers in the case of connection through PROXY to HTTPS --- plugins/check_http.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'plugins/check_http.c') diff --git a/plugins/check_http.c b/plugins/check_http.c index 86a36c20..2e393eb2 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -916,6 +916,21 @@ check_http (void) if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT); asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent); + if (strlen(proxy_auth)) { + base64_encode_alloc (proxy_auth, strlen (proxy_auth), &auth); + xasprintf (&buf, "%sProxy-Authorization: Basic %s\r\n", buf, auth); + } + /* optionally send any other header tag */ + if (http_opt_headers_count) { + for (i = 0; i < http_opt_headers_count ; i++) { + if (force_host_header != http_opt_headers[i]) { + xasprintf (&buf, "%s%s\r\n", buf, http_opt_headers[i]); + } + } + /* This cannot be free'd here because a redirection will then try to access this and segfault */ + /* Covered in a testcase in tests/check_http.t */ + /* free(http_opt_headers); */ + } asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf); asprintf (&buf, "%sHost: %s\r\n", buf, host_name); /* we finished our request, send empty line with CRLF */ -- cgit v1.2.3-74-g34f1 From 22c00bbe47d2bed5e77ad1d494502c4697a86abb Mon Sep 17 00:00:00 2001 From: Stefan Bethke Date: Wed, 10 Oct 2018 00:40:07 +0200 Subject: Docs check_http: make -C obvious You need to read the docs carefully to realize that check_http has two modes of operation: the regular HTTP checks, and a TLS certificate check. Only one of these can be run in a single invocation. Fixes #1553 --- plugins/check_http.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'plugins/check_http.c') diff --git a/plugins/check_http.c b/plugins/check_http.c index 86a36c20..d540bf7d 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -1532,6 +1532,10 @@ print_help (void) print_usage (); +#ifdef HAVE_SSL + printf (_("In the first form, make an HTTP request.")); + printf (_("In the second form, connect to the server and check the TLS certificate.")); +#endif printf (_("NOTE: One or both of -H and -I must be specified")); printf ("\n"); @@ -1688,6 +1692,8 @@ print_usage (void) printf (" [-b proxy_auth] [-f ]\n"); printf (" [-e ] [-d string] [-s string] [-l] [-r | -R ]\n"); printf (" [-P string] [-m :] [-4|-6] [-N] [-M ]\n"); - printf (" [-A string] [-k string] [-S ] [--sni] [-C [,]]\n"); + printf (" [-A string] [-k string] [-S ] [--sni]\n"); printf (" [-T ] [-j method]\n"); + printf (" %s -H | -I -C [,]\n",progname); + printf (" [-p ] [-t ] [-4|-6] [--sni]\n"); } -- cgit v1.2.3-74-g34f1 From d659f8d99faa0738be0ddcdb822f41e7f8c7f829 Mon Sep 17 00:00:00 2001 From: Markus Frosch Date: Wed, 31 Oct 2018 15:22:50 +0100 Subject: Allow user to specify HTTP method after proxy CONNECT Simple format, avoids refactoring the CONNECT feature. --- plugins/check_http.c | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) (limited to 'plugins/check_http.c') diff --git a/plugins/check_http.c b/plugins/check_http.c index 86a36c20..1e2a54c8 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -126,6 +126,7 @@ int max_page_len = 0; int redir_depth = 0; int max_depth = 15; char *http_method; +char *http_method_proxy; char *http_post_data; char *http_content_type; char buffer[MAX_INPUT_BUFFER]; @@ -446,6 +447,12 @@ process_arguments (int argc, char **argv) if (http_method) free(http_method); http_method = strdup (optarg); + char *tmp; + if ((tmp = strstr(http_method, ":")) > 0) { + tmp[0] = '\0'; + http_method = http_method; + http_method_proxy = ++tmp; + } break; case 'd': /* string or substring */ strncpy (header_expect, optarg, MAX_INPUT_BUFFER - 1); @@ -566,6 +573,9 @@ process_arguments (int argc, char **argv) if (http_method == NULL) http_method = strdup ("GET"); + if (http_method_proxy == NULL) + http_method_proxy = strdup ("GET"); + if (client_cert && !client_privkey) usage4 (_("If you use a client certificate you must also specify a private key file")); @@ -950,7 +960,7 @@ check_http (void) if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 && host_name != NULL && use_ssl == TRUE) - asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); + asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method_proxy, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); else asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); @@ -1581,7 +1591,7 @@ print_help (void) printf (" %s\n", _("URL to GET or POST (default: /)")); printf (" %s\n", "-P, --post=STRING"); printf (" %s\n", _("URL encoded http POST data")); - printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)"); + printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT, CONNECT:POST)"); printf (" %s\n", _("Set HTTP method.")); printf (" %s\n", "-N, --no-body"); printf (" %s\n", _("Don't wait for document body: stop reading after headers.")); @@ -1668,7 +1678,8 @@ print_help (void) printf (" %s\n", _("all these options are needed: -I -p -u -S(sl) -j CONNECT -H ")); printf (" %s\n", _("a STATE_OK will be returned. When the server returns its content but exceeds")); printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); - printf (" %s\n", _("a STATE_CRITICAL will be returned.")); + printf (" %s\n", _("a STATE_CRITICAL will be returned. By adding a colon to the method you can set the method used")); + printf (" %s\n", _("inside the proxied connection: -j CONNECT:POST")); #endif -- cgit v1.2.3-74-g34f1 From 9966ebcd8494083a1b87e7d368bedfffb5e5fe59 Mon Sep 17 00:00:00 2001 From: Tobias Wolf Date: Fri, 9 Nov 2018 23:48:56 +0100 Subject: Add new flag --show-body/-B to print body This should help with figuring out ia problem at a glance when enabled for healthz endpoints on web APIs, for example. The content of the body can point to what the problem is and help with diagnostics. Fixes #1559 --- plugins/check_http.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) (limited to 'plugins/check_http.c') diff --git a/plugins/check_http.c b/plugins/check_http.c index 1e2a54c8..856e1e90 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -120,6 +120,7 @@ int use_ssl = FALSE; int use_sni = FALSE; int verbose = FALSE; int show_extended_perfdata = FALSE; +int show_body = FALSE; int sd; int min_page_len = 0; int max_page_len = 0; @@ -240,6 +241,7 @@ process_arguments (int argc, char **argv) {"use-ipv4", no_argument, 0, '4'}, {"use-ipv6", no_argument, 0, '6'}, {"extended-perfdata", no_argument, 0, 'E'}, + {"show-body", no_argument, 0, 'B'}, {0, 0, 0, 0} }; @@ -260,7 +262,7 @@ process_arguments (int argc, char **argv) } while (1) { - c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NE", longopts, &option); + c = getopt_long (argc, argv, "Vvh46t:c:w:A:k:H:P:j:T:I:a:b:d:e:p:s:R:r:u:f:C:J:K:nlLS::m:M:NEB", longopts, &option); if (c == -1 || c == EOF) break; @@ -547,6 +549,9 @@ process_arguments (int argc, char **argv) case 'E': /* show extended perfdata */ show_extended_perfdata = TRUE; break; + case 'B': /* print body content after status line */ + show_body = TRUE; + break; } } @@ -1300,6 +1305,9 @@ check_http (void) perfd_time (elapsed_time), perfd_size (page_len)); + if (show_body) + xasprintf (&msg, _("%s\n%s"), msg, page); + result = max_state_alt(get_status(elapsed_time, thlds), result); die (result, "HTTP %s: %s\n", state_text(result), msg); @@ -1621,6 +1629,8 @@ print_help (void) printf (" %s\n", _("Any other tags to be sent in http header. Use multiple times for additional headers")); printf (" %s\n", "-E, --extended-perfdata"); printf (" %s\n", _("Print additional performance data")); + printf (" %s\n", "-B, --show-body"); + printf (" %s\n", _("Print body content below status line")); printf (" %s\n", "-L, --link"); printf (" %s\n", _("Wrap output in HTML link (obsoleted by urlize)")); printf (" %s\n", "-f, --onredirect="); -- cgit v1.2.3-74-g34f1 From 0a58acc7052d4962d8fe68aeb6919b59dfdef1cf Mon Sep 17 00:00:00 2001 From: Tomas Mozes Date: Wed, 5 Dec 2018 12:50:53 +0100 Subject: plugins: check_http: Increase regexp limit --- plugins/check_http.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'plugins/check_http.c') diff --git a/plugins/check_http.c b/plugins/check_http.c index 856e1e90..a25f1ec0 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -72,7 +72,7 @@ int maximum_age = -1; enum { REGS = 2, - MAX_RE_SIZE = 256 + MAX_RE_SIZE = 1024 }; #include "regex.h" regex_t preg; -- cgit v1.2.3-74-g34f1 From f7f0f7d4671300e54e5d70278fa419c2782d9ef6 Mon Sep 17 00:00:00 2001 From: Tobias Wolf Date: Tue, 12 Feb 2019 13:01:23 +0100 Subject: Also support the --show-body/-B flag when --expect is used --- plugins/check_http.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'plugins/check_http.c') diff --git a/plugins/check_http.c b/plugins/check_http.c index 856e1e90..de59a068 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -1155,6 +1155,8 @@ check_http (void) xasprintf (&msg, _("Invalid HTTP response received from host on port %d: %s\n"), server_port, status_line); + if (show_body) + xasprintf (&msg, _("%s\n%s"), msg, page); die (STATE_CRITICAL, "HTTP CRITICAL - %s", msg); } -- cgit v1.2.3-74-g34f1 From a1af8be9781ccdf36087a9e42fa18cfd468f1401 Mon Sep 17 00:00:00 2001 From: Daniel Uhlmann Date: Thu, 24 Jun 2021 11:37:14 +0200 Subject: changed 'STATE_CRITICAL' to 'STATE_WARNING' for infinite loop --- plugins/check_http.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'plugins/check_http.c') diff --git a/plugins/check_http.c b/plugins/check_http.c index 0b712665..34fb4f01 100644 --- a/plugins/check_http.c +++ b/plugins/check_http.c @@ -1453,8 +1453,8 @@ redir (char *pos, char *status_line) !strncmp(server_address, addr, MAX_IPV4_HOSTLENGTH) && (host_name && !strncmp(host_name, addr, MAX_IPV4_HOSTLENGTH)) && !strcmp(server_url, url)) - die (STATE_WARNING, - _("HTTP WARNING - redirection creates an infinite loop - %s://%s:%d%s%s\n"), + die (STATE_CRITICAL, + _("HTTP CRITICAL - redirection creates an infinite loop - %s://%s:%d%s%s\n"), type, addr, i, url, (display_html ? "" : "")); strcpy (server_type, type); -- cgit v1.2.3-74-g34f1