checking http with UN PW

[rkennedy]

This is odd, what is the full output from curl -v "mysite.net/sub/login.ashx?

Also, what is the full output from curl -v "http://mysite.net/sub/login.ashx" -u "username"? Replace username with your username. This one will also prompt you for a password, enter it.

It might not be a basic auth page, but rather some kind of ASP authentication.

[thenomad]

Here you go

Code: Select all

curl -v http://mysite.tld/sub/login.ashx
* About to connect() to mysite.tld/sub port 80 (#0)
*   Trying 11.11.11.11... connected
* Connected tomysite.tld/sub (11.11.11.11) port 80 (#0)
> GET /sub/login.ashx HTTP/1.1
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host: mysite.tld
> Accept: */*
> 
< HTTP/1.1 401 Access Denied
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html
< Expires: -1
< Server: Microsoft-IIS/8.0
< APP-Version: APP/1.7.2
< WWW-Authenticate: Digest realm="Realm", nonce="MjAxNi0wMy0yMyAyMDo0MDoyNS4xNDQ", opaque="0000000000000000", stale=false, algorithm=MD5, qop="auth"
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Date: Wed, 23 Mar 2016 19:40:24 GMT
< Content-Length: 1293
< 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;} 
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;} 
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset></div>
</div>
</body>
</html>
* Connection #0 to host mysite.tld left intact
* Closing connection #0

and then adding the username

Code: Select all

 curl -v http://mysite.tld/sub/login.ashx -u "Itsme"
Enter host password for user 'itsme':
* About to connect() to mysite.tld port 80 (#0)
*   Trying 11.11.11.11... connected
* Connected to mysite.tld (11.11.11.11) port 80 (#0)
* Server auth using Basic with user 'Itsme'
> GET /sub/login.ashx HTTP/1.1
> Authorization: Basic ZGJ1Y2hhbmFuOlBhc3MwMTAx
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host:  mysite.tld
> Accept: */*
> 
< HTTP/1.1 401 Access Denied
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html
< Expires: -1
< Server: Microsoft-IIS/8.0
< APP-Version: APP/1.7.2
< WWW-Authenticate: Digest realm="REALM", nonce="MjAxNi0wMy0yMyAyMDo1MToyMy45OTM", opaque="0000000000000000", stale=false, algorithm=MD5, qop="auth"
< X-AspNet-Version: 4.0.30319
< X-Powered-By: ASP.NET
< Date: Wed, 23 Mar 2016 19:51:23 GMT
< Content-Length: 1293
< 
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;} 
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;} 
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} 
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset></div>
</div>
</body>
</html>
* Connection #0 to host mysite.tld left intact
* Closing connection #0

Thanks for you help

[rkennedy]

Thanks for posting those. It looks like the authentication page isn't basic auth, and that's what Nagios is checking against. Here's some output to show:

Curl is trying to send > Authorization: Basic ZGJ1Y2hhbmFuOlBhc3MwMTAx, however the receiving server isn't looking for basic auth, < WWW-Authenticate: Digest realm="REALM", nonce="MjAxNi0wMy0yMyAyMDo1MToyMy45OTM", opaque="0000000000000000", stale=false, algorithm=MD5, qop="auth"

Code: Select all

curl -v http://mysite.tld/sub/login.ashx -u "Itsme"
Enter host password for user 'itsme':
* About to connect() to mysite.tld port 80 (#0)
*   Trying 11.11.11.11... connected
* Connected to mysite.tld (11.11.11.11) port 80 (#0)
* Server auth using Basic with user 'Itsme'
> GET /sub/login.ashx HTTP/1.1
> Authorization: Basic ZGJ1Y2hhbmFuOlBhc3MwMTAx
> User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.19.1 Basic ECC zlib/1.2.3 libidn/1.18 libssh2/1.4.2
> Host:  mysite.tld
> Accept: */*
>
< HTTP/1.1 401 Access Denied
< Cache-Control: no-cache
< Pragma: no-cache
< Content-Type: text/html
< Expires: -1
< Server: Microsoft-IIS/8.0
< APP-Version: APP/1.7.2
< WWW-Authenticate: Digest realm="REALM", nonce="MjAxNi0wMy0yMyAyMDo1MToyMy45OTM", opaque="0000000000000000", stale=false, algorithm=MD5, qop="auth"

Here's an output of running a basic auth check against a Core server:

The machine sends a basic auth request > Authorization: Basic bmFnaW9zYWRtaW5kOg==, and the server is expecting it < WWW-Authenticate: Basic realm="Nagios Core".

Code: Select all

[root@ck html]# curl -v "http://192.168.3.42/nagios/" -u "nagiosadmin"
Enter host password for user 'nagiosadmind':
* About to connect() to 192.168.3.42 port 80 (#0)
*   Trying 192.168.3.42...
* Connected to 192.168.3.42 (192.168.3.42) port 80 (#0)
* Server auth using Basic with user 'nagiosadmind'
> GET /nagios/ HTTP/1.1
> Authorization: Basic bmFnaW9zYWRtaW5kOg==
> User-Agent: curl/7.29.0
> Host: 192.168.3.42
> Accept: */*
>
< HTTP/1.1 401 Authorization Required
< Date: Wed, 23 Mar 2016 20:14:34 GMT
< Server: Apache/2.2.15 (CentOS)
* Authentication problem. Ignoring this.
< WWW-Authenticate: Basic realm="Nagios Core"
< Content-Length: 479
< Connection: close
< Content-Type: text/html; charset=iso-8859-1
<

At this point, I would like to recommend taking a look at our exchange (https://exchange.nagios.org) to see if a different plugin would work for you. This one will only support basic auth. There are quite a few options available https://exchange.nagios.org/index.php?o ... check_http

[thenomad]

Thank you I am in the right direction now.
Last question is there something different that I need to do with the command to run php scripts ??

Code: Select all

$USER1$/bla_bla.php - otherstuff

I have it working from the console but I cant get the command right for XI

[rkennedy]

You're welcome! It's actually pretty interesting to see those differences.

You may need to do -

Code: Select all

PHP $USER1$/bla_bla.php - otherstuff