
Re: Website monitoring

Posted: Tue Jan 12, 2021 6:56 am
by kalyanpabolu
Hello,

We have noticed that it is giving an "OK" message even with a wrong password.

Output with correct password:

[root@HO1-NAGIOSXI ~]# /usr/local/nagios/libexec/check_http -H 10.44.3.8 -s 'Login' -f follow -I 10.44.3.8 -u '/nagiosxi/login.php' -a 'nagiosadmin:[email protected]' -p 80
HTTP OK: HTTP/1.1 200 OK - 26118 bytes in 0.626 second response time |time=0.626287s;;;0.000000 size=26118B;;;0
[root@HO1-NAGIOSXI ~]#


Output with wrong password:

[root@HO1-NAGIOSXI ~]# /usr/local/nagios/libexec/check_http -H 10.44.3.8 -s 'Login' -f follow -I 10.44.3.8 -u '/nagiosxi/login.php' -a 'nagiosadmin:welcome' -p 80
HTTP OK: HTTP/1.1 200 OK - 26118 bytes in 0.633 second response time |time=0.632924s;;;0.000000 size=26118B;;;0
[root@HO1-NAGIOSXI ~]#

How come this is possible?

Re: Website monitoring

Posted: Tue Jan 12, 2021 6:08 pm
by benjaminsmith
Hi kalyanpabolu,

Just want to confirm if you updated WebInject on this server as mentioned in the last post (the current version does not support redirects)?

Benjamin

Re: Website monitoring

Posted: Wed Jan 13, 2021 5:54 am
by kalyanpabolu
Hello,

No, we haven't updated it.

Re: Website monitoring

Posted: Wed Jan 13, 2021 6:19 pm
by benjaminsmith
Hi kalyanpabolu,

The check_http plugin only supports basic authentication; it's connecting to the webpage and getting a status 200 code back, and therefore is passing.

To run this type of check you'll need to update WebInject so it can handle redirects as suggested and can submit a POST request.

--Benjamin
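
An added example, not part of the original thread or of any Nagios plugin, showing why the Basic-auth GET above returns 200 for any password while a form POST check can tell a good login from a bad one. The local demo server, the form field names `username`/`password`, the `/index.php` redirect target and the credentials are all constructed assumptions; a real login form may need extra fields.

```python
import base64, threading, urllib.error, urllib.parse, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

GOOD = ("monitor", "constructed-secret")  # constructed credentials, not from the thread
NO_PROXY = urllib.request.ProxyHandler({})  # talk to the local demo server directly

class FormLoginApp(BaseHTTPRequestHandler):  # constructed stand-in for a form-login page
    def log_message(self, *args): pass  # keep the demo quiet
    def _reply(self, code, body=b"", location=None):
        self.send_response(code)
        if location:
            self.send_header("Location", location)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)
    def do_GET(self):  # the Authorization header is never read: any password gets 200
        self._reply(200, b"<title>Login</title><form method='post'></form>")
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        form = urllib.parse.parse_qs(raw.decode())
        if (form.get("username", [""])[0], form.get("password", [""])[0]) == GOOD:
            return self._reply(302, location="/index.php")
        self.do_GET()  # failed login: same form again, still status 200

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # surface the 3xx as HTTPError instead of following it

def basic_auth_status(url, user, password):
    """GET with a Basic Authorization header, which is what check_http -a sends."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": "Basic " + token})
    return urllib.request.build_opener(NO_PROXY).open(req, timeout=5).status

def form_login_check(url, user, password):
    """POST the form; OK (0) only if the reply redirects away from the login page."""
    data = urllib.parse.urlencode({"username": user, "password": password}).encode()
    try:
        urllib.request.build_opener(NO_PROXY, NoRedirect).open(url, data, timeout=5)
    except urllib.error.HTTPError as err:
        target = err.headers.get("Location", "login")
        if err.code in (301, 302, 303) and "login" not in target:
            return 0, "OK - login accepted"
    return 2, "CRITICAL - login form returned again"

def start_demo_server():
    srv = HTTPServer(("127.0.0.1", 0), FormLoginApp)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv, f"http://127.0.0.1:{srv.server_address[1]}/login.php"
```

Call `start_demo_server()` to get a URL, then compare `basic_auth_status` and `form_login_check` with a right and a wrong password; the returned tuple follows the Nagios exit-code convention (0 OK, 2 CRITICAL).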