Website monitoring

kalyanpabolu · Post by **kalyanpabolu** » Tue Jan 12, 2021 6:56 am

Hello,

We have noticed that it is giving "OK" message even with wrong password.

Output with correct password:

[root@HO1-NAGIOSXI ~]# /usr/local/nagios/libexec/check_http -H 10.44.3.8 -s 'Login' -f follow -I 10.44.3.8 -u '/nagiosxi/login.php' -a 'nagiosadmin:[email protected]' -p 80 HTTP OK: HTTP/1.1 200 OK - 26118 bytes in 0.626 second response time |time=0.626287s;;;0.000000 size=26118B;;;0
[root@HO1-NAGIOSXI ~]#

Output with wrong password:

[root@HO1-NAGIOSXI ~]# /usr/local/nagios/libexec/check_http -H 10.44.3.8 -s 'Login' -f follow -I 10.44.3.8 -u '/nagiosxi/login.php' -a 'nagiosadmin:welcome' -p 80
HTTP OK: HTTP/1.1 200 OK - 26118 bytes in 0.633 second response time |time=0.632924s;;;0.000000 size=26118B;;;0
[root@HO1-NAGIOSXI ~]#

How come this is possible?

benjaminsmith · Post by **benjaminsmith** » Tue Jan 12, 2021 6:08 pm

HI kalyanpabolu,

Just want to confirm if you updated WebInject on this server as mentioned in the last post (the current version does not support redirects)?

Benjamin

kalyanpabolu · Post by **kalyanpabolu** » Wed Jan 13, 2021 5:54 am

Hello,

No, we haven't updated it.

benjaminsmith · Post by **benjaminsmith** » Wed Jan 13, 2021 6:19 pm

Hi kalyanpabolu,

The check_http plugin only supports basic authentication, it's connecting to the webpage and getting a status 200 code back and therefore is passing.

To run this type of check you'll need to update WebInject so it can handle redirects as suggested and can submit a POST reqeust.

--Benjamin

Nagios Support Forum

Website monitoring

Re: Website monitoring

Re: Website monitoring

Re: Website monitoring

Re: Website monitoring