Using nagios check_httpfor webbasedauthentication

Marc Powell marc at ena.com
Fri Jan 23 14:47:22 CET 2009


On Jan 22, 2009, at 11:59 PM, Venugopal S wrote:

>
> Hi Joerge,
>
> As you said "welcome venu" is not in the response in spite of giving
> valid credentials. That is why I am wondering !
> Even I gave the -v switch and found in the HTML response that "welcome
> venu" is not found. And the response HTML is the same as signin.do. It
> must have thrown me the login success page isn't it ?

> ./check_http -I 199.107.237.196 -H  ww12.1800flowers.com -u / 
> signin.do -p 80 -P "email=svenugopaal at gmail.com&password=podhum" -s  
> "welcome venu"



Hi Venu,

I created an account to test and see that I gave you some incorrect  
information. Looking at the form HTML, the URL that the form  
information is actually posted to is /signinaction.do, not /signin.do  
so that will need to change that in the command definition.

Now with the correct URL and successful login, I see that the success  
'page' returned is just a 302 redirect that bounces you to

Location: https://ww12.1800flowers.com/customerwelcome.do?cmReg=L

Unfortunately we come to a stopping point here. check_http will need  
to follow that redirect if it's going to see the text you're expecting  
to see on the final page and it can do that with  --onredirect=follow.  
The problem is that the coding of the final landing page appears to  
absolutely require the presence of a login cookie to know that you're  
logged in. check_http does not pass cookies as part of a redirect (but  
can be programmed to pass static cookies using the -k switch). The  
cookies that are being passed to us appear to be temporary session  
cookies anyway so I'm not sure how useful it would be to create  
another check for the customerwelcome.do page.

What I ended up with is --

./check_http  -I 199.107.237.196 -H  ww12.1800flowers.com -u / 
signinaction.do -p 80 -P "email=myaddress&password=mypass" -e 302 -r  
html --invert-regex

This will ensure that we see the 302 redirect returned by a successful  
login and that we do not see the word 'html' in a web page instead of  
the 302 redirect (meaning the login failed). Essentially, you'll know  
that the login worked, but not that the customerwelcome.do page was  
actually displayed. That may be enough for your needs.

--
Marc






------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list