check_http and nosniff options
Posted: Fri Oct 16, 2020 9:18 am
by hbouma
We have a security tool that is needing the nosniff option set on the URL, but as soon as that is turned on, we start getting failures from our check_http monitors to those URLs.
We have Nagios 5.7.3, and the check has worked fine forever until this nosniff option was set. Does anyone have any experience with monitoring URLs that have the nosniff option?
Results of the check as soon as the nosniff option is turned on:
HTTP CRITICAL: HTTP/1.1 500 Internal Server Error - string 'STRING' not found on 'https:/URL' - 1528 bytes in 0.138 second response time
Re: check_http and nosniff options
Posted: Fri Oct 16, 2020 1:33 pm
by dchurch
This seems to me to be a bug in the remote HTTP server you're monitoring. The only reason you'd be seeing this is if the server returned a 5xx HTTP response code. Perhaps the code adding the header has a bug in it.
I'd check the following to see what's going on:
- The HTTP server's error logs
- The output from curl -D /dev/stdout [URL], where URL is the URL in the check_http configuration
Why the Plugin Is Returning This
The only way that the plugin could say that there was BOTH a 500 error and a missing string in the output is if the server returned a 5xx HTTP response code AND a response body.
For instance, if the URL http://myhost.example.com/mypage.php returned the following:
Code:
HTTP/1.1 500 Internal Server Error
Date: Fri, 16 Oct 2020 18:11:24 GMT
Server: Apache
X-Powered-By: PHP
X-Content-Type-Options: nosniff
Content-Length: 3
Connection: close
Content-Type: text/html; charset=UTF-8

<html>empty example document</html>
and your plugin was looking for STRING in the -s flag configuration, then the plugin would give an error message similar to what you're seeing:
Code:
/usr/local/nagios/libexec/check_http -I myhost.example.com -S -u /mypage.php -s STRING
HTTP CRITICAL: HTTP/1.1 500 Internal Server Error - string 'STRING' not found on 'https://myhost.example.com/mypage.php' - 271 bytes in 0.110 second response time |time=0.110098s;;;0.000000 size=271B;;;0
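An added example, not part of the post above and not check_http's own code: a simplified model of the triage described there, run over a saved raw response (such as the curl -D output) so the status code, the nosniff header and the expected string are reported separately. The function name triage and the SAMPLE bytes are constructed for illustration; only 5xx handling is modelled.

```python
# Constructed sample response, modelled on the one in the thread.
SAMPLE = (
    b"HTTP/1.1 500 Internal Server Error\r\n"
    b"Server: Apache\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"Content-Type: text/html; charset=UTF-8\r\n"
    b"\r\n"
    b"<html>empty example document</html>"
)


def triage(raw: bytes, expect: str) -> dict:
    """Report status, nosniff header and string match as separate findings."""
    # Accept CRLF or LF-only captures; headers end at the first blank line.
    head, _, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    lines = head.decode("iso-8859-1").split("\n")
    status_line = lines[0].strip()
    parts = status_line.split(" ", 2)
    code = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0

    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()

    string_found = expect.encode() in body
    findings = []
    if code >= 500 or code == 0:  # server error or unparseable status line
        findings.append(status_line)
    if not string_found:
        findings.append(f"string '{expect}' not found")

    return {
        "status": code,
        "nosniff": headers.get("x-content-type-options", "").lower() == "nosniff",
        "string_found": string_found,
        "state": "CRITICAL" if findings else "OK",
        "message": " - ".join(findings) or status_line,
    }


if __name__ == "__main__":
    print(triage(SAMPLE, "STRING"))
```

A result with nosniff true, status 500 and string_found false matches the situation in the thread: the header is being sent, but the server is failing while it serves the page.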
Re: check_http and nosniff options
Posted: Mon Oct 19, 2020 7:04 am
by hbouma
Thank you. My IT Security team got back to me and it was a bug in the way they were implementing the change. I appreciate the help.
Re: check_http and nosniff options
Posted: Mon Oct 19, 2020 7:32 am
by scottwilkerson
hbouma wrote: Thank you. My IT Security team got back to me and it was a bug in the way they were implementing the change. I appreciate the help.
Great!
Locking thread