check_http adds Port to Host Header (which is a violation of RFC) leading to problems checking certain hosts; current official nagios plugin sources fixes the problem
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nagios-plugins (Ubuntu) |
Fix Released
|
Wishlist
|
Unassigned |
Bug Description
Ubuntu 8.04 sends this:
E..<..@.@...W. .P.....
.~.........
12:23:13.384425 IP 80.237.198.212.80 > 87.230.9.180.54999: S 1138991569:
E..<..@.;..`P...W. ..P..C.
P..H
.~.....
12:23:13.384448 IP 87.230.9.180.54999 > 80.237.198.212.80: . ack 1 win 1460 <nop,nop,timestamp 183271145 1351211080>
E..4..@.@...W. .P.....
.~.P..H
12:23:13.384564 IP 87.230.9.180.54999 > 80.237.198.212.80: P 1:117(116) ack 1 win 1460 <nop,nop,timestamp 183271145 1351211080>
E.....@.@..6W. .P.....
.~.P..HGET / HTTP/1.0
User-Agent: check_http/v1944 (nagios-plugins 1.4.11)
Connection: close
Host: www.ligatus.de:80
Expected (an in current official nagios plugins) is:
12:24:32.231387 IP 192.168.
E..<.J@
.P.vk..
.S..........
12:24:32.236297 IP 80.237.198.212.80 > 192.168.
E..<..@
p.q..vk.
P..m.S......
12:24:32.236335 IP 192.168.
E..4.K@
.P.vk.p.
.S..P..m
12:24:32.239564 IP 192.168.
E....L@
.P.vk.p.
.S..P..mGET / HTTP/1.0
User-Agent: check_http/v2053 (nagios-plugins 1.4.13)
Connection: close
Host: www.ligatus.de
Well, adding port to the "Host" header isn't an RFC violation.
RFC2616 says in 14.23 Host ambiguous URLs, such as the root "/"
The Host request-header field specifies the Internet host and port
number of the resource being requested, as obtained from the original
URI given by the user or referring resource (generally an HTTP URL,
as described in section 3.2.2). The Host field value MUST represent
the naming authority of the origin server or gateway given by the
original URL. This allows the origin server or gateway to
differentiate between internally-
URL of a server for multiple host names on a single IP address.
Host = "Host" ":" host [ ":" port ] ; Section 3.2.2
Nagios plugins 1.4.13 fixed it in its 2053 revision so that if it's default port 80 the port part is omitted, which the RFC allows to do. It was done to workaround buggy servers (see sourceforge. net/tracker/ ?func=detail& aid=2082501& group_id= 29880&atid= 397597 for details) that don't support the "Host:" header correctly.
http://
I'm not sure support for buggy servers should be considered a bug, and this will definitely not trigger a hardy SRU. We should move to 1.4.13 though, so I'm keeping this as a wishlist item.
Note: there is a RFC violation in this plugin, though: the "Host" header shouldn't even be present if you make a HTTP/1.0 request, as it is a HTTP/1.1 thing.