Using nagios check_httpfor webbasedauthentication

Venugopal S venugopals at aztecsoft.com
Fri Jan 23 15:29:50 CET 2009


Hi Marc,

Will try this out on Tuesday. Thanks for your immense help.

Happy weekend for all of you there.


-----Original Message-----
From: Marc Powell [mailto:marc at ena.com]
Sent: Friday, January 23, 2009 7:17 PM
To: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Using nagios check_httpfor
webbasedauthentication


On Jan 22, 2009, at 11:59 PM, Venugopal S wrote:

>
> Hi Joerge,
>
> As you said "welcome venu" is not in the response in spite of giving
> valid credentials. That is why I am wondering !
> Even I gave the -v switch and found in the HTML response that "welcome
> venu" is not found. And the response HTML is the same as signin.do. It
> must have thrown me the login success page isn't it ?

> ./check_http -I 199.107.237.196 -H  ww12.1800flowers.com -u /
> signin.do -p 80 -P "email=svenugopaal at gmail.com&password=podhum" -s 
> "welcome venu"



Hi Venu,

I created an account to test and see that I gave you some incorrect 
information. Looking at the form HTML, the URL that the form 
information is actually posted to is /signinaction.do, not /signin.do 
so that will need to change that in the command definition.

Now with the correct URL and successful login, I see that the success 
'page' returned is just a 302 redirect that bounces you to

Location: https://ww12.1800flowers.com/customerwelcome.do?cmReg=L

Unfortunately we come to a stopping point here. check_http will need 
to follow that redirect if it's going to see the text you're expecting 
to see on the final page and it can do that with  --onredirect=follow. 
The problem is that the coding of the final landing page appears to 
absolutely require the presence of a login cookie to know that you're 
logged in. check_http does not pass cookies as part of a redirect (but 
can be programmed to pass static cookies using the -k switch). The 
cookies that are being passed to us appear to be temporary session 
cookies anyway so I'm not sure how useful it would be to create 
another check for the customerwelcome.do page.

What I ended up with is --

./check_http  -I 199.107.237.196 -H  ww12.1800flowers.com -u /
signinaction.do -p 80 -P "email=myaddress&password=mypass" -e 302 -r 
html --invert-regex

This will ensure that we see the 302 redirect returned by a successful 
login and that we do not see the word 'html' in a web page instead of 
the 302 redirect (meaning the login failed). Essentially, you'll know 
that the login worked, but not that the customerwelcome.do page was 
actually displayed. That may be enough for your needs.

--
Marc






------------------------------------------------------------------------
------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null

This email message and its attachments may contain CONFIDENTIAL AND PRIVILEGED INFORMATION intended for the sole use of the addressee(s). If you have received it in error, please contact the sender by return email, notify your system manager and destroy the original message and any copies thereof. Any review, use, disclosure or distribution is unlawful. Please check this email and any attachments for the presence of viruses. The Company accepts no  liability for any damage caused by any virus transmitted by this email. The views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of the company.
The Company reserves the right to monitor, review and store the content of all messages sent to or from this e-mail address.

www.aztecsoft.com

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list