Check_http + basis authentication do not work

I’m tring to check URL availability + Login into a web page (basis authentication) using the check_http plugin.
I’m using the 2.2 version but even with 2.4 version (latest) the results is the same.

The command I run is something like that:
'./check_http' '-H' 'my-host-to-check:8000' '-u' '/Account/LogOn?ReturnUrl=%2f' '-w' '10' '-c' '15' -s 'A-word-in-the-page' -a "myusername:mypasssword" -v

This command give me an OK result (too fast IMO), but the strange thing is that if I try to use a wrong user or password the results still remain OK!

So seems that the login process is not performed at all.
I have also user the -P (instead of -a) option with:

-P "username=myusername&pwd=mypasssword"

But the results in this case is an error. Probably this syntax is not correct!

Do I’m using the wrong syntax for this kind of check?
Can you share some example?

THX in advance

Hi @picoroma,
First things first, there are two popular slightly different implementations of check_http, the one from the monitoring-plugins project and the one from the nagios-plugins project.
Which one you got is likely dependent on your operating system, Debian, Suse and some others use monitoring-plugins, Red Hat nagios-plugins.
Please tell us which one it is.

I’m using the monitoring-plugin one:

'/usr/lib/nagios/plugins/check_http' -V
check_http v2.2 (monitoring-plugins 2.2)

My OS is UBUNTU:

cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"

hm, 2.2 is not the freshest version, but still that should work.
could you try again with -v? I should show what check_http sends to the server including the Authorization line.

Also, are you sure your website uses basic auth?

I’d suggest you check your webserver logs to ensure the request is going where you think it is.

You can even add additional logging of the basic auth line.

I tried even with 2.4 (should be latest) and the beheaviur is the same!

ok, lets investigate this in practice. If you visit that site in your browser, do you get
a username + password form from the browser? or does the website have a
separtate login page or something?

1 Like