Page 1 of 1
check_http to ensure 403 response
Posted: Tue Feb 21, 2017 4:38 am
by danieljamesscott
Hi,
Is it possible to use check_http to ensure that a 403 Forbidden response is returned from a server?
I am running the following check:
Code: Select all
/usr/lib/nagios/plugins/check_http -H example.com -p 443 -u /secure-page -S --expect="403"
But I receive a 'WARNING' response:
Code: Select all
HTTP WARNING: Status line output matched "403" - HTTP/1.1 403 Forbidden - 381 bytes in 0.114 second response time |time=0.114195s;;;0.000000 size=381B;;;0
And I have checked the return code, which is '1'. As I'm using the 'expect 403', I would expect this to be 'OK'.
Is it possible to use check_http to give an 'OK' response when a 403 response code is received?
Thanks,
Dan
Re: check_http to ensure 403 response
Posted: Tue Feb 21, 2017 11:51 am
by bwallace
Yes, you can you the 'negate' plugin in conjunction with your check command. This docs explains how to do it:
https://assets.nagios.com/downloads/nag ... 1456514247
The Negate plugin allows for any standard plugin output to be reversed and is very useful with hosts or services that are expected to be in a Critical
or Warning state but you wish to show them as OK. This function can be used for the opposite effect (i.e. showing a CRITICAL state
when the actual state is OK)
Re: check_http to ensure 403 response
Posted: Tue Feb 21, 2017 11:56 am
by mcapra
Hmm, this works as expected for me:
Code: Select all
[root@xi-stable var]# /usr/local/nagios/libexec/check_http -H 192.168.67.1 -u /nagiosxi/includes/
HTTP WARNING: HTTP/1.1 403 Forbidden - 430 bytes in 0.000 second response time |time=0.000358s;;;0.000000 size=430B;;;0
[root@xi-stable var]# /usr/local/nagios/libexec/check_http -H 192.168.67.1 -u /nagiosxi/includes/ -e 403
HTTP OK: Status line output matched "403" - 430 bytes in 0.000 second response time |time=0.000357s;;;0.000000 size=430B;;;0
[root@xi-stable var]# /usr/local/nagios/libexec/check_http -H 192.168.67.1 -u /nagiosxi/includes/ --expect="403"
HTTP OK: Status line output matched "403" - 430 bytes in 0.000 second response time |time=0.000347s;;;0.000000 size=430B;;;0
Can you share the version of check_http you're leveraging as well as the verbose output of the check command using the -v argument? Like so:
Code: Select all
/usr/lib/nagios/plugins/check_http -V
/usr/lib/nagios/plugins/check_http -H example.com -p 443 -u /secure-page -S --expect="403" -v
Re: check_http to ensure 403 response
Posted: Tue Feb 21, 2017 3:17 pm
by danieljamesscott
I'm using recent RPMs which I built myself from the spec file
Version information
Code: Select all
check_http v2.2.0 (nagios-plugins 2.2.0)
Verbose output:
Code: Select all
SSL initialized
GET /secure-page HTTP/1.1
User-Agent: check_http/v2.2.0 (nagios-plugins 2.2.0)
Connection: close
Host: example.com
Accept: */*
https://example.com:443/secure-page is 381 characters
STATUS: HTTP/1.1 403 Forbidden
**** HEADER ****
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 21 Feb 2017 20:12:22 GMT
Vary: Accept-Encoding
Content-Length: 210
Connection: Close
**** CONTENT ****
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /secure-page
on this server.</p>
</body></html>
Status line output matched "403" -
HTTP WARNING: Status line output matched "403" - HTTP/1.1 403 Forbidden - 381 bytes in 0.025 second response time |time=0.024534s;;;0.000000 size=381B;;;0
I thought that it wasn't correct behaviour as it's only started happening since I upgraded from plugins version 1.4.something.
Re: check_http to ensure 403 response
Posted: Tue Feb 21, 2017 3:30 pm
by danieljamesscott
I just found this:
https://github.com/nagios-plugins/nagio ... issues/236
Which explains my problem, might have to revert from the bleeding edge!
Re: check_http to ensure 403 response
Posted: Tue Feb 21, 2017 4:57 pm
by ssax
Yep, that looks to be the case, did you try downgrading and seeing if that fixed it?