[Nagiosplug-devel] check_http fails to redirect to secure sites

Frank Bulk frnkblk at iname.com
Sun Mar 11 22:10:45 CET 2012


Thomas:

 

Thanks for investigating.  It sounds like you already understand the
problem.  Do you think it's a load balancer they have sitting in front of
their site?

 

I agree, there are few sites that work this way, but if you would be willing
to make check_http a bit more flexible you could get it thoroughly against
Sprint's site. =)  

 

Frank

 

From: Thomas Guyot-Sionnest [mailto:dermoth at aei.ca] 
Sent: Tuesday, March 06, 2012 12:29 AM
To: Nagios Plugin Development Mailing List
Cc: Frank Bulk
Subject: Re: [Nagiosplug-devel] check_http fails to redirect to secure sites

 


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12-02-23 11:28 PM, Frank Bulk wrote:
> 



      > Starting this morning two of the sites I monitor failed, 



      > www.sprint.net  <http://www.sprint.net> <http://www.sprint.net> and

      www.sprintv6.net 



      >  <http://www.sprintv6.net> <http://www.sprintv6.net>. After some
testing it?s

      become clear to



      > me that check_http doesn?t currently redirect to secure

      sites, even



      > with the use of the '-f follow' command. I guess Sprint

      turned on



      > redirection to the secure version this morning.



      > 



      > Not sure whether to call this a bug or working-as-designed,

      but I?m



      > request the follow feature be enhanced to allow redirection

      to the



      > secure version of host.



      > 



      > I'm running check_http version 1.4.15.



      > 



      > Here's a copy of my tests:



      > 



      >

============================================================================
==



      >



      >



      > 
nagios:/etc/nagios3#
> 



      > nagios:/etc/nagios3# /usr/lib/nagios/plugins/check_http -H

      



      > www.sprint.net  <http://www.sprint.net> <http://www.sprint.net> -4



      > 



      > CRITICAL - Socket timeout after 10 seconds



      > 



      > nagios:/etc/nagios3#



      > 

This actually has to do with www.sprint.net not honoring the
"Connection: close" header and leaving the socket open. check_http
currently doesn't rely on the "Content-Length:" header to determine
when the request is complete, it rather insert a "Connection: close"
header in the request and wait for the remote server to close the
socket - if the remote leaves the connection open check_http times out.

So that could be a feature request - however there is so few
devices/webservers working this way that I'm wondering if it's even
valid according to the RFC's - I'd have to check.

Thanks

- -- 
Thomas
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9VrooACgkQ6dZ+Kt5Bcha7CgCdEGXPcgZySOaujHWb0dIxM4MC
LecAoOJgT1s7v1yywnv6smDLmZjbnQda
=dmWt
-----END PGP SIGNATURE-----

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20120311/2ee1fa48/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6517 bytes
Desc: not available
URL: <https://www.monitoring-plugins.org/archive/devel/attachments/20120311/2ee1fa48/attachment.bin>


More information about the Devel mailing list