[Nagiosplug-devel] [ nagiosplug-Bugs-3552848 ] check_http plugin does not handle HTTP host header properly
SourceForge.net
noreply at sourceforge.net
Wed Aug 1 18:10:01 CEST 2012
Bugs item #3552848, was opened at 2012-07-31 16:20
Message generated for change (Comment added) made by j-bern
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=3552848&group_id=29880
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Cálestyo (calestyo)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_http plugin does not handle HTTP host header properly
Initial Comment:
Hi.
This is from the old / soon to be disabled again Nagios Plugins bug tracker that used to be at Nagios itself.
I've just copied this bug over. I'm not the original reporter and have no idea about the thoughts about this bug.
This used to be: http://tracker.nagios.org/view.php?id=211
--------------------------------------------------------------------------------
jmalone:
--------------------------------------------------------------------------------
The check_http plugin sends the "-H" argument as the HTTP host header even when a "-u" url argument is given; the latter is more correct I believe. My patch seems to correct the issue on my installation, but my C code may not be optimal. Patch is against nagios-plugins-1.4.15.
----------------------------------------------------------------------
Comment By: J. Bern (j-bern)
Date: 2012-08-01 09:10
Message:
Clarification: In the normal scenario (direct connection to webserver), the
-u parameter is *not meant* to include more than the *path* part of the
URL, in spite of the naming. (Proof: There are several places in
check_http.c where the *actual* URL gets reconstructed from method,
hostname/address, port, and the server_url variable in question here.)
However, when the plugin talks to a *proxy*, -u needs to state the entire
method/host/port/path assembly, referring to the actual webserver.
Having that said, both RFC 2616 section 14.23 and a quick packet sniff on a
productive proxy indicate that in the latter scenario, the Host: header
shall and does indicate the actual server, *not* the proxy. Given that -H
normally is used to indicate the host that the plugin shall connect to
(i.e., the proxy), I'd say that the patch does have merit as a means to
prevent confusion.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=397597&aid=3552848&group_id=29880
More information about the Devel
mailing list