Using check_http to Monitor Cloudflare Websites

If you try to monitor a cloudflare fronted website with NagiosXI check_http you may get this:

[root@wtgc-nagios-01 libexec]# ./check_http -H www.mysite.com -S

HTTP WARNING: HTTP/1.1 403 Forbidden - 378 bytes in 0.029 second response time |time=0.028586s;;;0.000000 size=378B;;;0

After much fiddling found that if you formulate the check string as:

./check_http -H www.mysite.com -S --sni

HTTP OK: HTTP/1.1 200 OK - 2175 bytes in 0.556 second response time |time=0.555568s;;;0.000000 size=2175B;;;0

You’ll get a result like this, which is what we want!

You need to use this:

--sni

Enable SSL/TLS hostname extension support (SNI)

The SNI is Server Name Indication, you can read about it here, https://www.cloudflare.com/en-gb/learning/ssl/what-is-sni/, basically a mechanism to improve security by stopping name mis-matching and SSL certificate matching. (put simply).

Using check_http to Monitor Cloudflare Websites

Leave a Reply Cancel reply

Query Message Tracking Logs on Microsoft Exchange using Powershell

SSLScan for Website SSL Diagnostics

How to Check Domain NS Glue Records (using DIG)

Related Posts

Quick Guide – SSH Public Key Authentication (Ubuntu Linux)

Using IPv6 (Basics)

Using dnsmasq on Raspberry Pi for Quick Hosts File Fudge for Android Mobile

Leave a Reply Cancel reply