Using check_http to Monitor Cloudflare Websites

Linux Nagios and NagiosXI Networking

If you try to monitor a cloudflare fronted website with NagiosXI check_http you may get this:

[root@wtgc-nagios-01 libexec]# ./check_http -H www.mysite.com -S

HTTP WARNING: HTTP/1.1 403 Forbidden - 378 bytes in 0.029 second response time |time=0.028586s;;;0.000000 size=378B;;;0

After much fiddling found that if you formulate the check string as:

./check_http -H www.mysite.com -S --sni

HTTP OK: HTTP/1.1 200 OK - 2175 bytes in 0.556 second response time |time=0.555568s;;;0.000000 size=2175B;;;0

You’ll get a result like this, which is what we want!

You need to use this:

--sni

Enable SSL/TLS hostname extension support (SNI)

The SNI is Server Name Indication, you can read about it here, https://www.cloudflare.com/en-gb/learning/ssl/what-is-sni/, basically a mechanism to improve security by stopping name mis-matching and SSL certificate matching. (put simply).

Leave a Reply

Your email address will not be published.