Hi forum
i’d like to monitor a SaaS’ providers website which is hostet on AWS.
Upon setting up the “Check HTTP service” i noticed that the URL is always delivered not by the provider but by Cloudflare.
So i get the following results:
-SSL Cert check only works when disabling SNI (because hostname FQDN does not match the delivered Cloudflare cert)
-URL check results in an " HTTP/1.1 400 Bad Request" if only port 443 is checked, but thats also an answer from Cloudflare. If “Use SSL” is enabled, Checkmk reports “CRITICAL - Cannot make SSL connection.” - whether SNI is enabled or not.
Is there a possibility to make the check behave like the browser?
With check_http it should be possible to get the same result as your browser.
What do you see on the command line if you test with check_http and the verbose option?
Hi Andreas
check_http as classical Nagios plugin?
I saw yesterday that the native check is executed by “check_mk_active-http”, and i think in former times it has been check_http. Is it still shipped in 1.6p17 anyways?
If this is working you have only to find the correct settings for the WATO rule or configure this check with classic active / passive checks
from the check_http man page
CHECK SSL WEBSERVER CONTENT VIA PROXY USING HTTP 1.1 CONNECT:
check_http -I 192.168.100.35 -p 80 -u https://www.verisign.com/ -S -j CONNECT -H www.verisign.com
all these options are needed: -I <proxy> -p <proxy-port> -u <check-url> -S(sl) -j CONNECT -H <webserver>
a STATE_OK will be returned. When the server returns its content but exceeds
the 5-second threshold, a STATE_WARNING will be returned. When an error occurs,
a STATE_CRITICAL will be returned. By adding a colon to the method you can set the method used
inside the proxied connection: -j CONNECT:POST
```
Hi Andreas
something is still weird here.
I have set the HTTP method to CONNECT and it seemed to work, as also Service custom notes to “https://$HOSTNAME$” opens the correct webpage.
But… yesterday we had a “404 error page not found” over several hours, page could not load but the check itself did not recognize this.
Sorry iam totally new to this “SaaS over CDN thingy”, do i miss some understanding here?