diff options
Diffstat (limited to 'web/attachments/424694-nagiosplug_check_http_connect_method.patch')
| -rw-r--r-- | web/attachments/424694-nagiosplug_check_http_connect_method.patch | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/web/attachments/424694-nagiosplug_check_http_connect_method.patch b/web/attachments/424694-nagiosplug_check_http_connect_method.patch new file mode 100644 index 0000000..cbf0870 --- /dev/null +++ b/web/attachments/424694-nagiosplug_check_http_connect_method.patch | |||
| @@ -0,0 +1,88 @@ | |||
| 1 | diff -ur nagios-plugins-1.4.15.orig/plugins/check_http.c nagios-plugins-1.4.15/plugins/check_http.c | ||
| 2 | --- nagios-plugins-1.4.15.orig/plugins/check_http.c 2010-07-27 20:47:16.000000000 +0000 | ||
| 3 | +++ nagios-plugins-1.4.15/plugins/check_http.c 2011-09-09 14:03:49.000000000 +0000 | ||
| 4 | @@ -805,9 +805,34 @@ | ||
| 5 | /* try to connect to the host at the given port number */ | ||
| 6 | if (my_tcp_connect (server_address, server_port, &sd) != STATE_OK) | ||
| 7 | die (STATE_CRITICAL, _("HTTP CRITICAL - Unable to open TCP socket\n")); | ||
| 8 | + | ||
| 9 | + /* if we are called with the -I option, the -j method is CONNECT and */ | ||
| 10 | + /* we received -S for SSL, then we tunnel the request through a proxy*/ | ||
| 11 | + /* @20100414, public[at]frank4dd.com, http://www.frank4dd.com/howto */ | ||
| 12 | + | ||
| 13 | + if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 | ||
| 14 | + && host_name != NULL && use_ssl == TRUE) { | ||
| 15 | + | ||
| 16 | + if (verbose) printf ("Entering CONNECT tunnel mode with proxy %s:%d to dst %s:%d\n", server_address, server_port, host_name, HTTPS_PORT); | ||
| 17 | + asprintf (&buf, "%s %s:%d HTTP/1.1\r\n%s\r\n", http_method, host_name, HTTPS_PORT, user_agent); | ||
| 18 | + asprintf (&buf, "%sProxy-Connection: keep-alive\r\n", buf); | ||
| 19 | + asprintf (&buf, "%sHost: %s\r\n", buf, host_name); | ||
| 20 | + /* we finished our request, send empty line with CRLF */ | ||
| 21 | + asprintf (&buf, "%s%s", buf, CRLF); | ||
| 22 | + if (verbose) printf ("%s\n", buf); | ||
| 23 | + send(sd, buf, strlen (buf), 0); | ||
| 24 | + buf[0]='\0'; | ||
| 25 | + | ||
| 26 | + if (verbose) printf ("Receive response from proxy\n"); | ||
| 27 | + read (sd, buffer, MAX_INPUT_BUFFER-1); | ||
| 28 | + if (verbose) printf ("%s", buffer); | ||
| 29 | + /* Here we should check if we got HTTP/1.1 200 Connection established */ | ||
| 30 | + } | ||
| 31 | + | ||
| 32 | #ifdef HAVE_SSL | ||
| 33 | if (use_ssl == TRUE) { | ||
| 34 | np_net_ssl_init_with_hostname(sd, (use_sni ? host_name : NULL)); | ||
| 35 | + if (verbose) printf ("SSL initialized\n"); | ||
| 36 | if (check_cert == TRUE) { | ||
| 37 | result = np_net_ssl_check_cert(days_till_exp); | ||
| 38 | np_net_ssl_cleanup(); | ||
| 39 | @@ -817,7 +842,11 @@ | ||
| 40 | } | ||
| 41 | #endif /* HAVE_SSL */ | ||
| 42 | |||
| 43 | - asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); | ||
| 44 | + if ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 | ||
| 45 | + && host_name != NULL && use_ssl == TRUE) | ||
| 46 | + asprintf (&buf, "%s %s %s\r\n%s\r\n", "GET", server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); | ||
| 47 | + else | ||
| 48 | + asprintf (&buf, "%s %s %s\r\n%s\r\n", http_method, server_url, host_name ? "HTTP/1.1" : "HTTP/1.0", user_agent); | ||
| 49 | |||
| 50 | /* tell HTTP/1.1 servers not to keep the connection alive */ | ||
| 51 | asprintf (&buf, "%sConnection: close\r\n", buf); | ||
| 52 | @@ -830,7 +859,9 @@ | ||
| 53 | * (default) port is explicitly specified in the "Host:" header line. | ||
| 54 | */ | ||
| 55 | if ((use_ssl == FALSE && server_port == HTTP_PORT) || | ||
| 56 | - (use_ssl == TRUE && server_port == HTTPS_PORT)) | ||
| 57 | + (use_ssl == TRUE && server_port == HTTPS_PORT) || | ||
| 58 | + ( server_address != NULL && strcmp(http_method, "CONNECT") == 0 | ||
| 59 | + && host_name != NULL && use_ssl == TRUE)) | ||
| 60 | asprintf (&buf, "%sHost: %s\r\n", buf, host_name); | ||
| 61 | else | ||
| 62 | asprintf (&buf, "%sHost: %s:%d\r\n", buf, host_name, server_port); | ||
| 63 | @@ -1355,7 +1386,7 @@ | ||
| 64 | printf (" %s\n", _("URL to GET or POST (default: /)")); | ||
| 65 | printf (" %s\n", "-P, --post=STRING"); | ||
| 66 | printf (" %s\n", _("URL encoded http POST data")); | ||
| 67 | - printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE)"); | ||
| 68 | + printf (" %s\n", "-j, --method=STRING (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT)"); | ||
| 69 | printf (" %s\n", _("Set HTTP method.")); | ||
| 70 | printf (" %s\n", "-N, --no-body"); | ||
| 71 | printf (" %s\n", _("Don't wait for document body: stop reading after headers.")); | ||
| 72 | @@ -1423,7 +1454,15 @@ | ||
| 73 | printf (" %s\n", _("When the certificate of 'www.verisign.com' is valid for more than 14 days,")); | ||
| 74 | printf (" %s\n", _("a STATE_OK is returned. When the certificate is still valid, but for less than")); | ||
| 75 | printf (" %s\n", _("14 days, a STATE_WARNING is returned. A STATE_CRITICAL will be returned when")); | ||
| 76 | - printf (" %s\n", _("the certificate is expired.")); | ||
| 77 | + printf (" %s\n\n", _("the certificate is expired.")); | ||
| 78 | + | ||
| 79 | + printf (" %s\n\n", "CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT: "); | ||
| 80 | + printf (" %s\n\n", _("check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com ")); | ||
| 81 | + printf (" %s\n", _("All these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>")); | ||
| 82 | + printf (" %s\n", _("A STATE_OK will be returned. When the server returns its content but exceeds")); | ||
| 83 | + printf (" %s\n", _("the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,")); | ||
| 84 | + printf (" %s\n", _("a STATE_CRITICAL will be returned.")); | ||
| 85 | + | ||
| 86 | #endif | ||
| 87 | |||
| 88 | printf (UT_SUPPORT); | ||