<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";
color:black;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body bgcolor=white lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thomas:<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Thanks for investigating. It sounds like you already understand the problem. Do you think it’s a load balancer they have sitting in front of their site?<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>I agree, there are few sites that work this way, but if you would be willing to make check_http a bit more flexible you could get it thoroughly against Sprint’s site. =) <o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>Frank<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";color:windowtext'> Thomas Guyot-Sionnest [mailto:dermoth@aei.ca] <br><b>Sent:</b> Tuesday, March 06, 2012 12:29 AM<br><b>To:</b> Nagios Plugin Development Mailing List<br><b>Cc:</b> Frank Bulk<br><b>Subject:</b> Re: [Nagiosplug-devel] check_http fails to redirect to secure sites<o:p></o:p></span></p></div></div><p class=MsoNormal><o:p> </o:p></p><p class=MsoNormal><br>-----BEGIN PGP SIGNED MESSAGE-----<br>Hash: SHA1<br><br>On 12-02-23 11:28 PM, Frank Bulk wrote:<br>> <br><br><o:p></o:p></p><p class=MsoNormal> > Starting this morning two of the sites I monitor failed, <br><br><o:p></o:p></p><p class=MsoNormal> > <a href="http://www.sprint.net">www.sprint.net</a> <a href="http://www.sprint.net"><http://www.sprint.net></a> and<o:p></o:p></p><p class=MsoNormal> <a href="http://www.sprintv6.net">www.sprintv6.net</a> <br><br><o:p></o:p></p><p class=MsoNormal> > <a href="http://www.sprintv6.net"><http://www.sprintv6.net></a>. After some testing it?s<o:p></o:p></p><p class=MsoNormal> become clear to<br><br><o:p></o:p></p><p class=MsoNormal> > me that check_http doesn?t currently redirect to secure<o:p></o:p></p><p class=MsoNormal> sites, even<br><br><o:p></o:p></p><p class=MsoNormal> > with the use of the '-f follow' command. I guess Sprint<o:p></o:p></p><p class=MsoNormal> turned on<br><br><o:p></o:p></p><p class=MsoNormal> > redirection to the secure version this morning.<br><br><o:p></o:p></p><p class=MsoNormal> > <br><br><o:p></o:p></p><p class=MsoNormal> > Not sure whether to call this a bug or working-as-designed,<o:p></o:p></p><p class=MsoNormal> but I?m<br><br><o:p></o:p></p><p class=MsoNormal> > request the follow feature be enhanced to allow redirection<o:p></o:p></p><p class=MsoNormal> to the<br><br><o:p></o:p></p><p class=MsoNormal> > secure version of host.<br><br><o:p></o:p></p><p class=MsoNormal> > <br><br><o:p></o:p></p><p class=MsoNormal> > I'm running check_http version 1.4.15.<br><br><o:p></o:p></p><p class=MsoNormal> > <br><br><o:p></o:p></p><p class=MsoNormal> > Here's a copy of my tests:<br><br><o:p></o:p></p><p class=MsoNormal> > <br><br><o:p></o:p></p><p class=MsoNormal> ><o:p></o:p></p><p class=MsoNormal>==============================================================================<br><br><o:p></o:p></p><p class=MsoNormal> ><br><br><o:p></o:p></p><p class=MsoNormal> ><br><br><o:p></o:p></p><p class=MsoNormal> > <br>nagios:/etc/nagios3#<br>> <br><br><o:p></o:p></p><p class=MsoNormal> > nagios:/etc/nagios3# /usr/lib/nagios/plugins/check_http -H<o:p></o:p></p><p class=MsoNormal> <br><br><o:p></o:p></p><p class=MsoNormal> > <a href="http://www.sprint.net">www.sprint.net</a> <a href="http://www.sprint.net"><http://www.sprint.net></a> -4<br><br><o:p></o:p></p><p class=MsoNormal> > <br><br><o:p></o:p></p><p class=MsoNormal> > CRITICAL - Socket timeout after 10 seconds<br><br><o:p></o:p></p><p class=MsoNormal> > <br><br><o:p></o:p></p><p class=MsoNormal> > nagios:/etc/nagios3#<br><br><o:p></o:p></p><p class=MsoNormal style='margin-bottom:12.0pt'> > <br><br>This actually has to do with <a href="http://www.sprint.net">www.sprint.net</a> not honoring the<br>"Connection: close" header and leaving the socket open. check_http<br>currently doesn't rely on the "Content-Length:" header to determine<br>when the request is complete, it rather insert a "Connection: close"<br>header in the request and wait for the remote server to close the<br>socket - if the remote leaves the connection open check_http times out.<br><br>So that could be a feature request - however there is so few<br>devices/webservers working this way that I'm wondering if it's even<br>valid according to the RFC's - I'd have to check.<br><br>Thanks<br><br>- -- <br>Thomas<br>-----BEGIN PGP SIGNATURE-----<br>Version: GnuPG v1.4.10 (GNU/Linux)<br>Comment: Using GnuPG with Mozilla - <a href="http://enigmail.mozdev.org/">http://enigmail.mozdev.org/</a><br><br>iEYEARECAAYFAk9VrooACgkQ6dZ+Kt5Bcha7CgCdEGXPcgZySOaujHWb0dIxM4MC<br>LecAoOJgT1s7v1yywnv6smDLmZjbnQda<br>=dmWt<br>-----END PGP SIGNATURE-----<o:p></o:p></p></div></body></html>