Page 2 of 3
Re: Securing Response URL in Email Notifications
Posted: Tue Jun 23, 2015 10:50 am
by ssax
Please post a sanitized copy of the URL from an email so that we can review it.
I'm wondering if you're hitting a known bug, also post the sanitized URL from the address bar after you have logged in to the response URL and it's showing you the "Not authorized" message.
Re: Securing Response URL in Email Notifications
Posted: Tue Jun 23, 2015 11:05 am
by derekb
I can absolutely do that!
I have simulated a host-down alert. This is the email notification I receive:
Code: Select all
***** Nagios XI Alert *****
Nagios has detected a problem with this host.
Notification Type: PROBLEM
Host: APC PDU 1
State: DOWN
Address: 10.1.1.15
Info: CRITICAL - 10.1.1.15: Host unreachable @ 10.1.1.31. rta nan, lost 100%
Date/Time: 2015-06-23 11:59:25
Respond: http://nagios.mydomain.com/nagiosxi/?&xiwindow=http%3A%2F%2Fnagios.mydomain.com%2Fnagiosxi%2Fincludes%2Fcomponents%2Fxicore%2Fstatus.php%3Fshow%3Dhostdetail%26host%3DAPC%2BPDU%2B1
Nagios URL: http://nagios.mydomain.com/nagiosxi/
If I click the link in the email, it brings me to the main Nagios XI login page, with this in the URL bar of my browser:
Code: Select all
http://nagios.mydomain.com/nagiosxi/login.php?redirect=/nagiosxi/index.php%3f%26xiwindow=http://nagios.mydomain.com/nagiosxi/includes/components/xicore/status.php?show=hostdetail&host=APC+PDU+1&noauth=1
Once I login, I get the "Notices" window on top, saying there are new unhandled events. Underneath the "notices" window, I see the 'not authorized' message. This the URL in my browser bar after I have logged in:
Code: Select all
http://nagios.mydomain.com/nagiosxi/index.php?&xiwindow=http://nagios.mydomain.com/nagiosxi/includes/components/xicore/status.php?show=hostdetail
1.JPG
2.JPG
Re: Securing Response URL in Email Notifications
Posted: Tue Jun 23, 2015 11:08 am
by derekb
This may or may not be worth mentioning, but the Respond URL looks different when the 'secure' mode is enabled.
My non-secured Respond URLs were always in this format:
Code: Select all
Respond: http://nagios.mydomain.com/nagiosxi/rr.php?uid=18-655-b0546031541db49ca2853fe76651aaa9
Re: Securing Response URL in Email Notifications
Posted: Tue Jun 23, 2015 11:28 am
by abrist
Also, make sure you are not currently logged in to XI when you click the link.
Re: Securing Response URL in Email Notifications
Posted: Tue Jun 23, 2015 11:42 am
by derekb
abrist wrote:Also, make sure you are not currently logged in to XI when you click the link.
Yes. I specifically log out (if logged in already), clear cache, clear cookies, etc. and then click the link.
Re: Securing Response URL in Email Notifications
Posted: Tue Jun 23, 2015 12:32 pm
by ssax
I believe you are hitting a bug, I have a solution, let me dig it up for you.
Re: Securing Response URL in Email Notifications
Posted: Tue Jun 23, 2015 12:51 pm
by ssax
Please unzip and replace /usr/local/nagiosxi/html/includes/auth.inc.php with the attached file:
auth.inc.php.zip
Then it should work for you.
Re: Securing Response URL in Email Notifications
Posted: Tue Jun 23, 2015 1:09 pm
by derekb
ssax wrote:Please unzip and replace /usr/local/nagiosxi/html/includes/auth.inc.php with the attached file:
auth.inc.php.zip
Then it should work for you.
Edit: trying now.
Re: Securing Response URL in Email Notifications
Posted: Tue Jun 23, 2015 1:14 pm
by derekb
Cool, that worked. It lets me authenticate and brings me to the host detail page. I was hoping it would bring me to the same page as the unsecured URL would, where I have to select acknowledge, view host details, etc. But this will suffice.
Re: Securing Response URL in Email Notifications
Posted: Tue Jun 23, 2015 1:46 pm
by abrist
Great. Are we clear to close the thread?