Linux and Nagios‎ > ‎

Using check_http to Monitor Cloudflare Websites

posted 14 Aug 2020, 01:21 by Tristan Self   [ updated 14 Aug 2020, 01:26 ]
If you try to monitor a cloudflare fronted website with NagiosXI check_http you may get this:

[root@wtgc-nagios-01 libexec]# ./check_http -H www.mysite.com -S
HTTP WARNING: HTTP/1.1 403 Forbidden - 378 bytes in 0.029 second response time |time=0.028586s;;;0.000000 size=378B;;;0

After much fiddling found that if you formulate the check string as:

./check_http -H www.mysite.com -S --sni
HTTP OK: HTTP/1.1 200 OK - 2175 bytes in 0.556 second response time |time=0.555568s;;;0.000000 size=2175B;;;0

You'll get a result like this, which is what we want!

You need to use this:

--sni
    Enable SSL/TLS hostname extension support (SNI)

The SNI is Server Name Indication, you can read about it here, https://www.cloudflare.com/en-gb/learning/ssl/what-is-sni/, basically a mechanism to improve security by stopping name mis-matching and SSL certificate matching. (put simply).

Comments