Is a null username possible with check_http

Marc Powell marc at ena.com
Wed Jul 29 22:45:59 CEST 2009


On Jul 29, 2009, at 2:09 PM, Jim McNamara wrote:

> Thanks for that help. Unfortunately it leads to some unusual  
> results. Both authenticating from firefox on a windows host and on  
> the CLI from the linux server show the same credentials being  
> passed, as shown here:
>
> (Windows)
> User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv: 
> 1.9.0.12) Gecko/2009070611 Firefox/3.0.12\r\n
> Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/ 
> *;q=0.8\r\n
> Accept-Language: en-us,en;q=0.5\r\n
> Accept-Encoding: gzip,deflate\r\n
> Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7\r\n
> Keep-Alive: 300\r\n
> Connection: keep-alive\r\n
> Authorization: Basic OnJlYm9vdA==\r\n
> Credentials: :reboot
> \r\n
>
> (Linux)
> GET / HTTP/1.0\r\n
> User-Agent: check_http/v2053 (nagios-plugins 1.4.13)\r\n
> Connection: close\r\n
> Authorization: Basic OnJlYm9vdA==\r\n
> Credentials: :reboot
> \r\n
>
> So both agents pass the correct info to the unit, but something  
> clearly doesn't behave well.

I agree. Both translate to the same string.

> I do see a fair amount of javascript in the windows capture after  
> the authentication, could that be part of the issue?

No. I am presuming the javascript is being sent in response to the  
successful auth.

> Also the "Connection: close\r\n sent by check_http has me wondering  
> if is closing the stream before some of the authentication is  
> completed?

No, that's just telling the server that it can close the connection  
after sending the response. That response should be the HTML of the  
page after successful auth. That's standard HTTP and they shouldn't be  
bombing based on that.

> I have both captures from tshark and wireshark saved if seeing the  
> full info would be any help.

Probably not. It certainly appears that this device is requiring  
something more than just Basic authentication. It may be looking at  
User-Agent or some other header and rejecting if it's not there or  
something unexpected. You might try adding a -A to change the user- 
agent to match the one above and/or one or more -k headers to see what  
that extra bit might be. Other than that, your best source of what  
they're really looking for is going to be the manufacturer unless they  
happen to provide the source (yeah, right....).

--
Marc


------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day 
trial. Simplify your report design, integration and deployment - and focus on 
what you do best, core application coding. Discover what's new with 
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list