Page 1 of 1

How to login in to http website and check the pages

Posted: Mon May 17, 2021 10:59 am
by kaushalshriyan
Hi All,

I am running Nagios core 4.4.6 version (https://www.nagios.org/downloads/nagios-core/thanks/) on CentOS Linux release 8.3.2011. Is there a way to check if the login is working on a website using Nagios Core? I checked https://www.monitoring-plugins.org/doc/ ... _http.html but unable to see any option.

For example:- https://developerportal.mydomain.com/login using the below login credentials if the login is successful. If login fails then Nagios Core will trigger an alert saying login failure.

URL :- https://developerportal.mydomain.com/login
Username :- [email protected]
Password :- xxxxxxxxxxxxxxxxxx

Thanks in Advance. I look forward to hearing from you.

Best Regards,

Kaushal

Re: How to login in to http website and check the pages

Posted: Fri May 21, 2021 12:08 pm
by mcapra
It depends on the form's behavior.

If there's something like a POST request that is being submit to /login as the login form's action, check_http supports setting the request method and providing request data:

Code: Select all

 -P, --post=STRING
    URL encoded http POST data
 -j, --method=STRING  (for example: HEAD, OPTIONS, TRACE, PUT, DELETE, CONNECT, CONNECT:POST)
    Set HTTP method.
 -T, --content-type=STRING
    specify Content-Type header media type when POSTing
If it's not just a generic HTTP POST request that the form is submitting, you would need to leverage something like Mechanize, Selenium, Cypress, Playwright, or similar utilities to handle driving the web browser.

Selenium used to have official support within Nagios XI for stuff like this, but it appears as though many of the Nagios+Selenium plugins are quite out of date.

I wrote this to run CasperJS based tests a while ago:
https://github.com/mcapra/nagios-check_casperjs

I have no idea if it still works. I only ever tested it on PhantomJS, which had development halted a few years ago.

Re: How to login in to http website and check the pages

Posted: Sat May 22, 2021 1:17 pm
by kaushalshriyan
Thanks mcapra for the reply. I did the below config

./check_http -a "[email protected]:xxxxxxxxxx" develop.mydomain.com
HTTP OK: HTTP/1.0 301 Moved Permanently - 437 bytes in 0.018 second response time |time=0.018391s;;;0.000000;10.000000 size=437B;;;0

$./check_http -a “[email protected]:xxxxxxxxxx” develop.mydomain.com
HTTP OK: HTTP/1.0 301 Moved Permanently - 437 bytes in 0.024 second response time |time=0.024078s;;;0.000000;10.000000 size=437B;;;0

I tested it using the wrong email id and password, I see the same result. Ideally, it should return Unauthenticated. Am I missing anything?

Best Regards,

Kaushal

Re: How to login in to http website and check the pages

Posted: Sun May 23, 2021 6:29 am
by mcapra
You can also ask check_http to follow 3xx redirects, give that a try if you're expecting either a 200 or 401:

Code: Select all

 -f, --onredirect=<ok|warning|critical|follow|sticky|stickyport>
    How to handle redirected pages. sticky is like follow but stick to the
    specified IP address. stickyport also ensures port stays the same.
I'm not sure what the plugin's behavior is for 401 responses. You may need to look for 401 in the header:

Code: Select all

 -d, --header-string=STRING
    String to expect in the response headers

Re: How to login in to http website and check the pages

Posted: Fri May 28, 2021 6:40 pm
by kaushalshriyan
Thanks for the reply. I use [email protected]:test@1234 to log in to https://develop.mydomain.com/user/login. It works without issue.I am attaching the screenshot for your reference. [img]
119262015-5312f680-bbf7-11eb-8122-9a676c501b33.png
[/img]

If I use the wrong password it will report an Unrecognized username or password. Forgot your password? I am attaching the screenshot for your reference.

[img]
119262015-5312f680-bbf7-11eb-8122-9a676c501b33.png
[/img]


./check_http -vvv -a "[email protected]:test@1234" --ssl -u /user/login -H develop.mydomain.com
HTTP OK: HTTP/1.1 200 OK - 334002 bytes in 0.088 second response time |time=0.087709s;;;0.000000;10.000000 size=334002B;;;0

./check_http -vvv -a "[email protected]:**t1234**" --ssl -u /user/login -H develop.mydomain.com
HTTP OK: HTTP/1.1 200 OK - 334034 bytes in 0.089 second response time |time=0.088863s;;;0.000000;10.000000 size=334034B;;;0

When I use the wrong password I still get 200 OK instead of 401 Unauthorized.

Please suggest further. Thanks in Advance.

Best Regards,

Re: How to login in to http website and check the pages

Posted: Tue Jun 01, 2021 12:05 pm
by mcapra
You can try adding the -v flag to get more verbose output for what exactly check_http is doing:

Code: Select all

     -v, --verbose
        Show details for command-line debugging (Nagios may truncate output)
You can also use -e flag to instead look for that "Unrecognized username or password" message in the response body:

Code: Select all

     -s, --string=STRING
        String to expect in the content
Without knowing specifically how the form is meant to behave (like what the actual code being executed is), it's hard for me to offer much insight.