Using nagios check_httpfor webbasedauthentication

Kevin Keane subscription at kkeane.com
Fri Jan 23 08:15:09 CET 2009
Previous message: Using nagios check_httpfor webbasedauthentication
Next message: Using nagios check_httpfor webbasedauthentication
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Actually, the response HTML usually ISN'T a login success page. Most of 
the time, with form-based login, the user name and password will be 
submitted to the same URL (in your case, signin.do). The Web server will 
then return a page (typically, completely empty) with a status code of 
302 (instead of the normal 200) and another URL in one of the headers. A 
Web browser will interpret the 302 as "redirect, please go to this new 
URL instead". So when you click on the "Logon" button, the browser will 
actually do not one but two (or sometimes even three or more) HTTP 
requests. Only the last one would contain the "welcome venu" text.

I'm not sure if check_http is smart enough to follow redirects; my guess 
is that it is not; it's designed to be very simple. You may have to 
either rely on status code 302 (which will also happen when login 
failed), or you will have to find (or write your own) a plugin that will 
follow redirects.

Venugopal S wrote:
> Hi Joerge,
>
> As you said "welcome venu" is not in the response in spite of giving
> valid credentials. That is why I am wondering !
> Even I gave the -v switch and found in the HTML response that "welcome
> venu" is not found. And the response HTML is the same as signin.do. It
> must have thrown me the login success page isn't it ?
>
> Venu
>
> -----Original Message-----
> From: Joerg Linge [mailto:pitchfork at ederdrom.de]
> Sent: Friday, January 23, 2009 11:20 AM
> Cc: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Using nagios check_httpfor
> webbasedauthentication
>
> Venugopal S schrieb:
>   
>> Hi Marc,
>>
>>
>>
>> * This is my command in commands.cfg : *
>>
>>
>>
>> / define command{ /
>>
>> /         command_name    check_http /
>>
>> /         command_line    $USER1$/check_http -I $HOSTADDRESS$
>>               /
>>
>> /         } /
>>
>>
>>
>> I executed the following command :
>>
>>
>>
>> ./check_http -I 199.107.237.196 -H  ww12.1800flowers.com -u /signin.do
>>     
>
>   
>> -p 80 -P "email= svenugopaal at gmail.com&password=podhum" -s "welcome
>>     
> venu"
>   
>>
>> and it threw
>>
>>
>>
>> HTTP CRITICAL - string not found|time=0.080070s;;;0.000000
>>     
> size=38300B;;;0
>   
>>
>> Any idea why ?
>>     
>
> Add -v to you test a analyze te response. There is no string "welcome
> venu" in the response.
>
>
> ------------------------------------------------------------------------
> ------
> This SF.net email is sponsored by:
> SourcForge Community
> SourceForge wants to tell your story.
> http://p.sf.net/sfu/sf-spreadtheword
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
>
> This email message and its attachments may contain CONFIDENTIAL AND PRIVILEGED INFORMATION intended for the sole use of the addressee(s). If you have received it in error, please contact the sender by return email, notify your system manager and destroy the original message and any copies thereof. Any review, use, disclosure or distribution is unlawful. Please check this email and any attachments for the presence of viruses. The Company accepts no  liability for any damage caused by any virus transmitted by this email. The views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company.
> The Company reserves the right to monitor, review and store the content of all messages sent to or from this e-mail address.
>
> www.aztecsoft.com
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by:
> SourcForge Community
> SourceForge wants to tell your story.
> http://p.sf.net/sfu/sf-spreadtheword
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
>   


-- 
Kevin Keane
Owner
The NetTech
Find the Uncommon: Expert Solutions for a Network You Never Have to Think About

Office: 866-642-7116
http://www.4nettech.com

This e-mail and attachments, if any, may contain confidential and/or proprietary information. Please be advised that the unauthorized use or disclosure of the information is strictly prohibited. The information herein is intended only for use by the intended recipient(s) named above. If you have received this transmission in error, please notify the sender immediately and permanently delete the e-mail and any copies, printouts or attachments thereof.


------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: Using nagios check_httpfor webbasedauthentication
Next message: Using nagios check_httpfor webbasedauthentication
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list