Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Error with check_apachestatus.pl

https://support.nagios.com/forum/viewtopic.php?t=53806

Page 1 of 2

Error with check_apachestatus.pl

Posted: Thu May 09, 2019 10:22 am
by Frédéric GRANAT
Hi,
When I test the following command :
[[email protected] ~]# /usr/local/nagios/libexec/check_apachestatus.pl -H xxxxx -p 80

I've got :
CRITICAL 403 Forbidden

Disabling the firewall on monitored server doesn't solve my problem.

Do you have any idea ?

Frederic

Re: Error with check_apachestatus.pl

Posted: Thu May 09, 2019 12:02 pm
by benjaminsmith
Hi Frederic,

Did you enable the Apache status module on the server. If so, please check your configuration file (or upload the file) so you are allowing access by the Nagios XI server. You'll find the file in /etc/httpd/conf/httpd.conf.

Re: Error with check_apachestatus.pl

Posted: Fri May 10, 2019 2:10 am
by Frédéric GRANAT
Hi,

I don't know if apache status module is enabled and on which server you ask me to enable it (monitored one or NagiosXI
Please find attached the httpd.conf file on the monitored server (windows server) and the httpd.conf of the Nagiosxi server

Re: Error with check_apachestatus.pl

Posted: Fri May 10, 2019 10:34 am
by benjaminsmith
Hi Frederic,

I looked at the apache configuration file on the monitored host and it looks ok. However, you'll want to make sure you have the correct ip address of the Nagios Server in the Allow from option.

Are you able to communicate with the host from the Nagios Server, what is the output of:

Code: Select all

nmap <remote host ip address>

You can verify http communication with:

Code: Select all

wget http://<remote host ip address>
wget https://<remote host ip address>

Re: Error with check_apachestatus.pl

Posted: Mon May 13, 2019 2:49 am
by Frédéric GRANAT
Hi,
Here's the ouptut of the commands :

Code: Select all

[root@nagiosxi ~]# nmap xxxxxxxxxx
Starting Nmap 6.47 ( http://nmap.org ) at 2019-05-13 09:45 CEST
Nmap scan report for xxxxxxxxxxx (xxxxxxxxxx)
Host is up (0.00021s latency).
Not shown: 987 filtered ports
PORT      STATE SERVICE
80/tcp    open  http
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
1500/tcp  open  vlsi-lm
3389/tcp  open  ms-wbt-server
5432/tcp  open  postgresql
8000/tcp  open  http-alt
8080/tcp  open  http-proxy
8082/tcp  open  blackice-alerts
8083/tcp  open  us-srv
8085/tcp  open  unknown
55555/tcp open  unknown
MAC Address: 00:50:56:B1:76:81 (VMware)

Nmap done: 1 IP address (1 host up) scanned in 3.98 seconds

Code: Select all

[root@nagiosxi ~]# wget http://172.16.4.7
--2019-05-13 09:47:11--  http://172.16.4.7/
Connecting to 172.16.4.7:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4770 (4.7K) [text/html]
Saving to: “index.html”

100%[======================================>] 4,770       --.-K/s   in 0s

2019-05-13 09:47:12 (338 MB/s) - “index.html” saved [4770/4770]

[root@nagiosxi ~]# wget https://172.16.4.7
--2019-05-13 09:47:48--  https://172.16.4.7/
Connecting to 172.16.4.7:443... failed: Connection timed out.
Retrying.

--2019-05-13 09:48:52--  (try: 2)  https://172.16.4.7/
Connecting to 172.16.4.7:443...

Re: Error with check_apachestatus.pl

Posted: Mon May 13, 2019 11:02 am
by benjaminsmith
Hi Frederic,

It looks the ports are open, and the wget command is successful for http but not for https. You should be able to access the server status page at:

Code: Select all

http://<remote host ip address>/server-status
Are you using a proxy server?

Re: Error with check_apachestatus.pl

Posted: Tue May 14, 2019 10:19 am
by Frédéric GRANAT
I tried to access http://xxxxxxxx/server-status from my PC and got :
"Forbidden

You don't have permission to access /server-status on this server."

I confirm that proxy isn't accessed when performing the http query from Nagios

Re: Error with check_apachestatus.pl

Posted: Tue May 14, 2019 2:30 pm
by benjaminsmith
Hi Frederic

You are using the domain name of the Nagios server in the server-status modules and it may not be able to resolve the ip address. Try to change the Allow from option to use the IP address of the Nagios Server, re-start apache and test again ( or test with Allow from all)

Code: Select all

<Location /server-status>
     SetHandler server-status
     Order deny,allow
     Deny from all
     Allow from 127.0.0.1 <IP address Nagios>
</Location>
If a firewall is blocking access from the Nagios server, check to see if the sysetem status page is up from the remote host.

Code: Select all

curl -v http://127.0.0.1/server-status

Re: Error with check_apachestatus.pl

Posted: Thu May 16, 2019 9:21 am
by Frédéric GRANAT
Try to change the Allow from option to use the IP address of the Nagios Server, re-start apache and test again
=> Done without success (even with Allow from all)

curl command unknown on monitored host
But we already tried the test of disabling the firewall without success

Re: Error with check_apachestatus.pl

Posted: Thu May 16, 2019 10:21 am
by gwakem
For what its worth, this is my directive in apache 2.4.6 on rhel7.5. It works perfectly, but I encountered similar issues to those reported until I removed the "deny,allow". From what I read, this was due to changes in the way apache handles the interaction.

Code: Select all

<Location "/server-status">
   SetHandler server-status
   Require ip XXX.XXX.XXX.XXX
   Require ip XXX.XXX.XXX.XXX
   Require ip XXX.XXX.XXX.XXX
</Location>
All times are UTC-05:00
Page 1 of 2

Powered by phpBB® Forum Software © phpBB Limited