check_http detecting a loop!

[BanditBBS]

So, URL check was working fine, then yesterday a WAF was put in place.

used to go ---> URL to IP1 on F5 to internal host

Now goes ---> URL to IP1 on F5 to WAF to DLP to IP2 on F5 to internal host. Browsing these sites works fine, but check_http is erroring out with "HTTP WARNING - redirection creates an infinite loop"

[bwallace]

Perhaps we should 1st learn the version of your check_http plugin:

/usr/local/nagios/libexec/check_http -V

While we're at it, get openssl details:
yum list installed | grep openssl

The following seemed to indicate a problem with a specific check_http versions <1.4.14 or wordpress in the2nd link:
https://www.reddit.com/r/sysadmin/comme ... plication/
https://sourceforge.net/p/nagiosplug/bugs/423/

For the record I'm using 2.0.3 on XI 5.3.2
[root@XIcent7 libexec]# ./check_http -V
check_http v2.0.3 (nagios-plugins 2.0.3)

[BanditBBS]

Code: Select all

[jclark@iss-chi-nag05 ~]$ /usr/local/nagios/libexec/check_http -V
check_http v2.0.3 (nagios-plugins 2.0.3)
[jclark@iss-chi-nag05 ~]$ yum list installed | grep openssl
*Note* Red Hat Network repositories are not listed below. You must run this command as root to access RHN repositories.
openssl.x86_64                     1.0.1e-42.el6           @rhel-x86_64-server-6
openssl-devel.x86_64               1.0.1e-42.el6           @rhel-x86_64-server-6
openssl-perl.x86_64                1.0.1e-42.el6           @rhel-x86_64-server-optional-6
openssl098e.i686                   0.9.8e-17.el6           @rhel-x86_64-server-6

[bwallace]

Thanks for the details, that all looks fine. What does the check command look like - are you using '-f' anywhere?

[BanditBBS]

Code: Select all

check_http -H www.mysite.com --ssl -u /my/dir/to/go -f follow

I have to use follow due to all the redirects described in opening post. I can browse from any browser just fine and get to the page, just not check_http or curl. So it seems to be an issue with either linux itself or something on the nagios server.

[rkennedy]

Could you post the full output with -v? Also, what is the full output of curl -v www.mysite.com/my/dir/to/go?

[BanditBBS]

Could you post the full output with -v? Also, what is the full output of curl -v http://www.mysite.com/my/dir/to/go?

Sent in PM, sensitive information.

[rkennedy]

Based off of the output, I do not believe the issue is with the plugin. It seems the CURL loop heads on for eternity too. In the past I've seen this with http -> https redirections, but it appears to be strictly https across the board.

The redirects are happening at the headers. Does the page constantly refresh by any chance?

I would think you could fix this by taking out the -f for follow, and define a -e to expect the redirect.

Code: Select all

Original request:
> GET /o/f/p/OfsllSignIn.jsf HTTP/1.1

Header redirect:
< Location: https://*/o/f/p/OfsllSignIn.jsf

* Issue another request to this URL: 'https://*/o/f/p/OfsllSignIn.jsf'
* Re-using existing connection! (#0) with host QA-OFSLL.hdfs.itciss.com
* Connected to * (*) port 443 (#0)
> GET /o/f/p/OfsllSignIn.jsf HTTP/1.0

[BanditBBS]

Yeah, that would validate the initial URL is working, but then that ignores if it gets through the WAF and then gets to the login page.

[BanditBBS]

Really seems to be a linux bug and nothing I can do to resolve this and monitor the URL all the way through

Trying to think of workarounds but coming up empty.