[Nagiosplug-devel] check_http fails to redirect to secure sites
Frank Bulk
frnkblk at iname.com
Sun Mar 11 22:10:45 CET 2012
Thomas:
Thanks for investigating. It sounds like you already understand the
problem. Do you think it's a load balancer they have sitting in front of
their site?
I agree, there are few sites that work this way, but if you would be willing
to make check_http a bit more flexible you could get it thoroughly against
Sprint's site. =)
Frank
From: Thomas Guyot-Sionnest [mailto:dermoth at aei.ca]
Sent: Tuesday, March 06, 2012 12:29 AM
To: Nagios Plugin Development Mailing List
Cc: Frank Bulk
Subject: Re: [Nagiosplug-devel] check_http fails to redirect to secure sites
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12-02-23 11:28 PM, Frank Bulk wrote:
>
> Starting this morning two of the sites I monitor failed,
> www.sprint.net <http://www.sprint.net> <http://www.sprint.net> and
www.sprintv6.net
> <http://www.sprintv6.net> <http://www.sprintv6.net>. After some
testing it?s
become clear to
> me that check_http doesn?t currently redirect to secure
sites, even
> with the use of the '-f follow' command. I guess Sprint
turned on
> redirection to the secure version this morning.
>
> Not sure whether to call this a bug or working-as-designed,
but I?m
> request the follow feature be enhanced to allow redirection
to the
> secure version of host.
>
> I'm running check_http version 1.4.15.
>
> Here's a copy of my tests:
>
>
============================================================================
==
>
>
>
nagios:/etc/nagios3#
>
> nagios:/etc/nagios3# /usr/lib/nagios/plugins/check_http -H
> www.sprint.net <http://www.sprint.net> <http://www.sprint.net> -4
>
> CRITICAL - Socket timeout after 10 seconds
>
> nagios:/etc/nagios3#
>
This actually has to do with www.sprint.net not honoring the
"Connection: close" header and leaving the socket open. check_http
currently doesn't rely on the "Content-Length:" header to determine
when the request is complete, it rather insert a "Connection: close"
header in the request and wait for the remote server to close the
socket - if the remote leaves the connection open check_http times out.
So that could be a feature request - however there is so few
devices/webservers working this way that I'm wondering if it's even
valid according to the RFC's - I'd have to check.
Thanks
- --
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9VrooACgkQ6dZ+Kt5Bcha7CgCdEGXPcgZySOaujHWb0dIxM4MC
LecAoOJgT1s7v1yywnv6smDLmZjbnQda
=dmWt
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20120311/2ee1fa48/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6517 bytes
Desc: not available
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20120311/2ee1fa48/attachment.bin>
More information about the Devel
mailing list