[External] Re: [Xymon] can I put enadis into debug mode?

Rothlisberger, John R. john.r.rothlisberger at accenture.com
Fri Sep 13 23:53:41 CEST 2019 

I was able to set HTTP_HOST within cgioptions.cfg:

And now, it appears as though enadis works - but its not disabling the test...
Cgioptions.cfg:
HTTP_HOST=aoc.accenture.com

11428 2019-09-13 22:43:31.789838 Opening file /home/xymon/server/etc/xymonmenu.cfg
11428 2019-09-13 22:43:31.793320 Trying header/footer file '/home/xymon/server/web/maint_footer'
11479 2019-09-13 22:43:45.424949 CGI: Request method='POST', data='hostname=serverA&disabletest=lupdate&hostpattern=serverA&pagepattern=&ippattern=&classpattern=&cause=test+disable&go2=Disable+for&duration=4&scale=60&endmonth=9&endday=13&endyear=2019&endhour=22&endminute=43&go=Disable+now&month=9&day=13&year=2019&hour=22&minute=43'
11479 2019-09-13 22:43:45.425092 CSP return is Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; form-action 'self'; sandbox allow-forms allow-scripts allow-same-origin allow-modals allow-popups;
X-Content-Security-Policy: script-src 'self' 'unsafe-inline'; connect-src 'self'; form-action 'self'; sandbox allow-forms allow-scripts allow-same-origin allow-modals allow-popups;
X-Webkit-CSP: script-src 'self' 'unsafe-inline'; connect-src 'self'; form-action 'self'; sandbox allow-forms allow-scripts allow-same-origin allow-modals allow-popups;
11479 2019-09-13 22:43:45.425124  - checking if referer is OK (http_referer: https://our.domain.com/xymon-seccgi/enadis.sh, http_host: our.domain.com, xymonwebhost: https://our.domain.com, checkstr: /xymon-seccgi/enadis
11479 2019-09-13 22:43:45.425212 Trying header/footer file '/home/xymon/server/web/maintact_header'
11479 2019-09-13 22:43:45.425354 Opening file /home/xymon/server/etc/xymonmenu.cfg
11479 2019-09-13 22:43:45.425549 Action = disable
11479 2019-09-13 22:43:45.425564 Tests = 11479 2019-09-13 22:43:45.425574 Duration = 4, scale = 60
11479 2019-09-13 22:43:45.425582 Cause = test disable
11479 2019-09-13 22:43:45.425608 Trying header/footer file '/home/xymon/server/web/maintact_footer'
11482 2019-09-13 22:43:49.112970 CGI: Request method='GET', data=''
11482 2019-09-13 22:43:49.113120 Transport setup is:
11482 2019-09-13 22:43:49.113138 xymondportnumber = 1984
11482 2019-09-13 22:43:49.113147 xymonproxyhost = NONE
11482 2019-09-13 22:43:49.113156 xymonproxyport = 0
11482 2019-09-13 22:43:49.113164 Recipient listed as '127.0.0.1'
11482 2019-09-13 22:43:49.113173 Standard protocol on port 1984
11482 2019-09-13 22:43:49.113194 Will connect to address 127.0.0.1 port 1984
11482 2019-09-13 22:43:49.113328 Connect status is 0
11482 2019-09-13 22:43:49.113373 Sent 16 bytes

Unbuntu 16.04LTS
Xymon 4.3.30

Thanks,
John

-----Original Message-----
From: Japheth Cleaver <cleaver at terabithia.org>
Sent: Thursday, September 12, 2019 5:45 PM
To: Rothlisberger, John R. <john.r.rothlisberger at accenture.com>; rene at vermare.net
Cc: xymon at xymon.com
Subject: Re: [External] Re: [Xymon] can I put enadis into debug mode?

This message is from an EXTERNAL SENDER - be CAUTIOUS, particularly with links and attachments.

On 9/12/2019 2:58 PM, Rothlisberger, John R. wrote:

> That worked for debugging - can at least see where the error is coming from:

>

> 76996 2019-09-12 22:42:29.566819  - checking if referer is OK (http_referer: https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com_xymon-2Dseccgi_enadis.sh&d=DwICaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=bRahvPMUFYb204VPoQl7be5NB_ddal_nzGb2JBHaABg&s=HpwRnnzanaIWULrjFb04HysWuBn92I2_d7Ms7pmSiK8&e= , http_host: 10.20.30.40, xymonwebhost: https://urldefense.proofpoint.com/v2/url?u=https-3A__our.domain.com&d=DwICaQ&c=eIGjsITfXP_y-DLLX0uEHXJvU8nOHrUK8IrwNKOtkVU&r=u6KtIBCRNAeN-AbgJjdZe5zZJVFEfq04dnWD-hYNPL_fxJIIFncbL8W6k0NMJtuq&m=bRahvPMUFYb204VPoQl7be5NB_ddal_nzGb2JBHaABg&s=ik1nvxSgFr0cOhbiWRUQbpQ8u_Vq7hDK4hnkeaMqQsE&e= , checkstr: /xymon-seccgi/enadis

> 76996 2019-09-12 22:42:29.566832 Disallowed request due to unexpected referer 'our.domain.com/xymon-seccgi/enadis.sh', wanted '10.20.30.40/xymon-seccgi/enadis' (originally '/xymon-seccgi/enadis')

>

> http_host is the IP of the Xymon server - but not the same as the URL used for our system (we have several and use a reverse proxy to get to all of them).

>

> Without taking too many wild guesses at which setting defines http_host (can't find it in man pages) - how do I change that?



HTTP_HOST is actually going to be set by the client. However the check

can be overridden by setting $XYMONSERVERWWWNAME (technically

$XYMONWEBHOST is what's used) in xymonserver.cfg to what you're

expecting the client to be using.



Depending on current .cfg settings, something may be specifying the

basic IP there.



HTH,



-jc




________________________________

This message is for the designated recipient only and may contain privileged, proprietary, or otherwise confidential information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the e-mail by you is prohibited. Where allowed by local law, electronic communications with Accenture and its affiliates, including e-mail and instant messaging (including content), may be scanned by our systems for the purposes of information security and assessment of internal compliance with Accenture policy. Your privacy is important to us. Accenture uses your personal data only in compliance with data protection laws. For further information on how Accenture processes your personal data, please see our privacy statement at https://www.accenture.com/us-en/privacy-policy.
______________________________________________________________________________________

www.accenture.com

More information about the Xymon mailing list