check_http detecting a loop!
Posted: Tue Dec 13, 2016 1:43 pm
by BanditBBS
So, URL check was working fine, then yesterday a WAF was put in place.
Used to go ---> URL to IP1 on F5 to internal host
Now goes ---> URL to IP1 on F5 to WAF to DLP to IP2 on F5 to internal host. Browsing these sites works fine, but check_http is erroring out with "HTTP WARNING - redirection creates an infinite loop"
Re: check_http detecting a loop!
Posted: Tue Dec 13, 2016 2:37 pm
by bwallace
Perhaps we should 1st learn the version of your check_http plugin:
/usr/local/nagios/libexec/check_http -V
While we're at it, get openssl details:
yum list installed | grep openssl
The following seemed to indicate a problem with specific check_http versions <1.4.14, or WordPress in the 2nd link:
https://www.reddit.com/r/sysadmin/comme ... plication/
https://sourceforge.net/p/nagiosplug/bugs/423/
For the record I'm using 2.0.3 on XI 5.3.2
[root@XIcent7 libexec]# ./check_http -V
check_http v2.0.3 (nagios-plugins 2.0.3)
Re: check_http detecting a loop!
Posted: Tue Dec 13, 2016 2:42 pm
by BanditBBS
Code:
[jclark@iss-chi-nag05 ~]$ /usr/local/nagios/libexec/check_http -V
check_http v2.0.3 (nagios-plugins 2.0.3)
[jclark@iss-chi-nag05 ~]$ yum list installed | grep openssl
*Note* Red Hat Network repositories are not listed below. You must run this command as root to access RHN repositories.
openssl.x86_64 1.0.1e-42.el6 @rhel-x86_64-server-6
openssl-devel.x86_64 1.0.1e-42.el6 @rhel-x86_64-server-6
openssl-perl.x86_64 1.0.1e-42.el6 @rhel-x86_64-server-optional-6
openssl098e.i686 0.9.8e-17.el6 @rhel-x86_64-server-6
Re: check_http detecting a loop!
Posted: Tue Dec 13, 2016 5:31 pm
by bwallace
Thanks for the details, that all looks fine. What does the check command look like - are you using '-f' anywhere?
Re: check_http detecting a loop!
Posted: Tue Dec 13, 2016 6:29 pm
by BanditBBS
Code:
check_http -H www.mysite.com --ssl -u /my/dir/to/go -f follow
I have to use follow due to all the redirects described in the opening post. I can browse from any browser just fine and get to the page, just not with check_http or curl. So it seems to be an issue with either Linux itself or something on the Nagios server.
Re: check_http detecting a loop!
Posted: Wed Dec 14, 2016 10:22 am
by rkennedy
Could you post the full output with -v? Also, what is the full output of
curl -v www.mysite.com/my/dir/to/go?
Re: check_http detecting a loop!
Posted: Wed Dec 14, 2016 10:31 am
by BanditBBS
Sent in PM, sensitive information.
Re: check_http detecting a loop!
Posted: Wed Dec 14, 2016 10:41 am
by rkennedy
Based off of the output, I do not believe the issue is with the plugin. It seems the CURL loop heads on for eternity too. In the past I've seen this with http -> https redirections, but it appears to be strictly https across the board.
The redirects are happening at the headers. Does the page constantly refresh by any chance?
I would think you could fix this by taking out the -f for follow, and define a -e to expect the redirect.
Code:
Original request:
> GET /o/f/p/OfsllSignIn.jsf HTTP/1.1
Header redirect:
< Location: https://*/o/f/p/OfsllSignIn.jsf
* Issue another request to this URL: 'https://*/o/f/p/OfsllSignIn.jsf'
* Re-using existing connection! (#0) with host QA-OFSLL.hdfs.itciss.com
* Connected to * (*) port 443 (#0)
> GET /o/f/p/OfsllSignIn.jsf HTTP/1.0
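The self-redirect in the trace above (a Location header pointing back at the URL just requested) can be checked mechanically. This Python is an added example, not part of the original post and not check_http's own code; the host, path and transcript are constructed, and the function names are hypothetical. It walks `curl -v -L` output and reports a loop as soon as a redirect target repeats:

```python
import re
from urllib.parse import urljoin, urldefrag

# Constructed sample of `curl -v -L` output (hypothetical host, not from the thread).
SAMPLE = """\
> GET /app/SignIn.jsf HTTP/1.1
> Host: www.example.com
< HTTP/1.1 302 Found
< Location: https://www.example.com/app/SignIn.jsf
* Issue another request to this URL: 'https://www.example.com/app/SignIn.jsf'
> GET /app/SignIn.jsf HTTP/1.1
> Host: www.example.com
< HTTP/1.1 302 Found
< Location: https://www.example.com/app/SignIn.jsf
"""

STATUS = re.compile(r"^< HTTP/\S+ (\d{3})")
LOCATION = re.compile(r"^< Location:\s*(\S+)", re.IGNORECASE)

def trace_redirects(start_url, transcript):
    """Return (chain, looped): URLs requested in order, and whether one repeats."""
    chain, seen = [start_url], {start_url}
    status = None
    for line in transcript.splitlines():
        m = STATUS.match(line)
        if m:
            status = int(m.group(1))
            continue
        m = LOCATION.match(line)
        # Only a Location header on a 3xx response is a redirect.
        if m and status is not None and 300 <= status < 400:
            # Resolve relative targets against the URL that was just requested.
            nxt = urldefrag(urljoin(chain[-1], m.group(1))).url
            if nxt in seen:
                return chain + [nxt], True
            chain.append(nxt)
            seen.add(nxt)
            status = None
    return chain, False

def nagios_result(start_url, transcript):
    """Map the trace to a Nagios-style (exit code, message) pair."""
    chain, looped = trace_redirects(start_url, transcript)
    if looped:
        return 1, "WARNING - redirect loop: " + " -> ".join(chain)
    return 0, "OK - %d redirect(s), final URL %s" % (len(chain) - 1, chain[-1])

if __name__ == "__main__":
    print(nagios_result("https://www.example.com/app/SignIn.jsf", SAMPLE))
```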
Re: check_http detecting a loop!
Posted: Wed Dec 14, 2016 10:45 am
by BanditBBS
Yeah, that would validate the initial URL is working, but then that ignores if it gets through the WAF and then gets to the login page.
Re: check_http detecting a loop!
Posted: Wed Dec 14, 2016 12:05 pm
by BanditBBS
Really seems to be a Linux bug and nothing I can do to resolve this and monitor the URL all the way through.
Trying to think of workarounds but coming up empty.