check_http with basic auth on server without an "authentication challenge"

Theodore Wynnychenko tmw at uchicago.edu
Tue May 10 15:43:51 CEST 2016


Hello

Many years ago, I had the check_http plugin working to monitor a very basic
network printserver.  At that point, I was using monitoring the printer server's
existence with ping and check_http.

Some time ago, I didn't need/want it anymore so I put it in a box.

Now, I have taken it out again, and wanted to monitor it.

Currently running icinga2 on openbsd current with monitoring plugins:

# /usr/local/libexec/nagios/check_http -V
check_http v2.1.2 (monitoring-plugins 2.1.2)

# uname -mrsv
OpenBSD 5.9 GENERIC.MP#1982 amd64

# icinga2 -V
icinga2 - The Icinga 2 network monitoring daemon (version: r2.4.4-1)


Anyway, trying to use basic auth with check_http fails for this print server.

I have another (even older, but maybe not quite as cheap) print server that is
monitored fine.

On the "working" one, I can confirm check_http works with:

# /usr/local/libexec/nagios/check_http -I 10.0.128.254 -v -a user:pass
GET / HTTP/1.0
User-Agent: check_http/v2.1.2 (monitoring-plugins 2.1.2)
Connection: close
Authorization: Basic U0M0MTc2OTg6dHlyb25l
...
HTTP OK: HTTP/1.0 200 Document follows - 3905 bytes in 1.032 second response
time |time=1.032029s;;;0.000000 size=3905B;;;0

But, when I try confirming this on the "non-working" print server with:

# /usr/local/libexec/nagios/check_http -I 10.0.128.251 -v -a user:pass
GET / HTTP/1.0
User-Agent: check_http/v2.1.2 (monitoring-plugins 2.1.2)
Connection: close
Authorization: Basic YWRtaW46TWR1S3dadDc=


CRITICAL - Socket timeout after 10 seconds


When I use wget I was also getting the same discrepancy; wget pulled down the
page for the "working" print server, but not the "non-working" one.

Eventually, I was able to discover that the issue with wget was the need for the
"--auth-no-challenge" switch.

It appears this print server does not send an authentication challenge; but
simply expects the basic auth credentials to be sent.  From the wget man page:

       --auth-no-challenge
           If this option is given, Wget will send Basic HTTP authentication
           information (plaintext username and password) for all requests,
           just like Wget 1.10.2 and prior did by default.

           Use of this option is not recommended, and is intended only to
           support some few obscure servers, which never send HTTP
           authentication challenges, but accept unsolicited auth info, say,
           in addition to form-based authentication.

So, it seems that this old "non-working" print server does not send an
authentication challenge.

I am not sure if this is relevant to check_http, but some prior version of
check_http worked with this piece of hardware many years ago, but does not any
longer.

Is there anything I can do to get check_http working in this situation, or
should I just abandon http checks for this hardware?

Thanks
Ted





More information about the Help mailing list