How to encrypt just the login portion in Nagios XI

ganeshanrs1983 · Post by **ganeshanrs1983** » Thu Feb 26, 2015 2:23 pm

Now only login page is encrypted but the thing is we are getting error message in Firefox, chrome and IE

Firefox --> " Some unencrypted elemends on this website has been blocked"
Chrome --> "This page is trying to load scripts from unauthenticated source"
IE --> " Do you want to view only the webpage content that was delivered securely.

Could you please help me in this issue.

scottwilkerson · Post by **scottwilkerson** » Thu Feb 26, 2015 4:15 pm

This is the problem with trying to just encrypt one piece.. ALL of the resources that the page loads, need to be served encrypted or the browser is going to scream at you.

And according to firebug on my computer the list is pretty long for just that page

GET CN.png
GET DE.png
GET ES.png
GET FR.png
GET IT.png
GET JP.png
GET KR.png
GET PL.png
GET PT.png
GET RU.png
GET TW.png
GET US.png
GET ajaxhelper.php
GET bootstrap.min.css?2014R2.6
GET colorpicker.css
GET colorpicker.js
GET commands.js?2014R2.6
GET core_2014.js?2014R2.6
GET d3.v3.min.js?2014R2.6
GET dashboards.js?2014R2.6
GET dashlets.js?2014R2.6
GET exporting.js?415
GET font-awesome.min.css?2014R2.6
GET gauge.js
GET graphexplorerinclude.js
GET helpsystem.css?0.5
GET helpsysteminclude.js?0.5
GET highcharts-more.js?415
GET highcharts.js?415
GET internethealthreport.css
GET internettrafficreport.css
GET jquery-1.8.2.min.js?2014R2.6
GET jquery-ui-1.9.0.custom.min.css?2014R2.6
GET jquery-ui-1.9.0.custom.min.js?2014R2.6
GET jquery.autocomplete.css
GET jquery.colorBlend.js
GET jquery.jscrollpane.css
GET jquery.jscrollpane.min.js
GET jquery.mousewheel.js
GET jquery.searchabledropdown.custom.js
GET jquery.timers-1.1.3.js
GET jquery.zclip.min.js
GET login.php?logout
GET loginsplash.png
GET main_js.js?2.3.3
GET nagiosxi-logo-small.png
GET nagiosxi_2014.css?2014R2.6
GET perfdata.js?2014R2.6
GET rss_dashlet.css
GET sansrisingports.css
GET style.css?2.3.3
GET tables.js?2014R2.6
GET throbber.gif
GET throbber1.gif
GET users.js?2014R2.6
GET views.js?2014R2.6
GET wizards.js?2014R2.6
GET worldtimeserver.css

58 requests

Is there a reason you are not wanting to encrypt all communication?

ganeshanrs1983 · Post by **ganeshanrs1983** » Thu Mar 05, 2015 10:11 am

Thanks scottwilkerson. Will check with my manager and get back to you

abrist · Post by **abrist** » Thu Mar 05, 2015 2:58 pm

Fair enough. Keep us posted.

ganeshanrs1983 · Post by **ganeshanrs1983** » Fri Mar 06, 2015 8:58 am

If we encrypt our entire Nagios XI URL we feel that we will get some performance issue on the servers and networks

Performance on the servers and networks.

The problem is that the requests to nagios.com. the local resources are loading properly. We want to remove ALL links to nagios.com from our page.

scottwilkerson · Post by **scottwilkerson** » Fri Mar 06, 2015 4:19 pm

ganeshanrs1983 wrote:Performance on the servers and networks.

The problem is that the requests to nagios.com. the local resources are loading properly. We want to remove ALL links to nagios.com from our page.

Which requests are you referring to? No login info is ever sent to nagios.com, additionally there is no problem having Nagios XI on a completely isolated network.

ganeshanrs1983 · Post by **ganeshanrs1983** » Tue Mar 10, 2015 1:10 pm

Could you please help me to encrypt our entire Nagios XI URL. Earlier i have added the below lines in /etc/httpd/conf.d/nagiosxi.conf
Please let me know what changes i have to do to encrypt the entire nagios XI URL.

RewriteEngine On
# Turn SSL on for just login
RewriteCond %{HTTPS} off
RewriteCond %{SCRIPT_FILENAME} \/login\.php [NC]
RewriteRule ^(.*)$ https://SERVERNAME/$1 [R=301,L]

# Turn SSL off everything but login
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/login\.php [NC]
RewriteRule ^(.*)$ http://SERVERNAME/$1 [R=301,L]

jdalrymple · Post by **jdalrymple** » Tue Mar 10, 2015 1:35 pm

http://assets.nagios.com/downloads/nagi ... s%20XI.pdf

Notice the following line on page 4:

Code: Select all

Redirect permanent / https://<Your-XI-Server-Address-or-Hostname>

ganeshanrs1983 · Post by **ganeshanrs1983** » Thu Mar 12, 2015 9:48 am

Thanks. But we need SSL only for our login page. We have implemented SSL for our login page but the browser IE, Chrome and Firebox not displaying the login page contents properly. Could you please help us how to make it perfect. Please find the attachment of your login page.

jdalrymple · Post by **jdalrymple** » Thu Mar 12, 2015 2:42 pm

ganeshanrs1983,

You can straighten out the look of the page by changing your turn-off rewrite rules to look like this:

Code: Select all

# Turn SSL off everything but login
RewriteCond %{HTTPS} on
RewriteCond %{SCRIPT_FILENAME} !\/login\.php [NC]
RewriteCond !^css(.*)$ [NC]
RewriteRule ^(.*)$ http://192.168.145.128/nagiosxi/$1 [R=301,L]

Please be aware that by disabling SSL for everything else you may as well disable it for logon as well...

http://stackoverflow.com/questions/6483 ... -hijacking

Nagios Support Forum

How to encrypt just the login portion in Nagios XI

Re: How to encrypt just the login portion in Nagios XI

Re: How to encrypt just the login portion in Nagios XI

Re: How to encrypt just the login portion in Nagios XI

Re: How to encrypt just the login portion in Nagios XI

Re: How to encrypt just the login portion in Nagios XI

Re: How to encrypt just the login portion in Nagios XI

Re: How to encrypt just the login portion in Nagios XI

Re: How to encrypt just the login portion in Nagios XI

Re: How to encrypt just the login portion in Nagios XI

Re: How to encrypt just the login portion in Nagios XI