
Check IIS servers that require user authentication


We needed to monitor a couple of IIS servers that required user authentication.
We currently use nagios and cacti to monitor our servers.

I cooked up this simple script, which provides a way to check an IIS web server page that requires NTLM authentication.
The heavy lifting is done entirely by curl; I tested 7.12.1 with libcurl/7.12.1.

To test whether your current curl binary does the trick, call curl like this:

curl -u "$user:$pass" --ntlm --stderr /dev/null -i "$uri"

Examine the results. You should first see a page with a 401 Unauthorized response, then the authorization being sent over to the server. If the user and pass are correct and curl's NTLM support worked, you should then see the end page with status code 200 OK, or 302 Page Moved if it's a redirect.

The script receives a URL as a parameter and logs in to the IIS server using the curl binary. It then parses the output of the command and, once it sees that the authentication was sent, captures the response code.

Timeout, pass and user values are hard-coded in the example below. The script currently only has handlers for some response codes, but a switch was used so that more can be added easily.
The response code is found with the regexp /HTTP\/1.1 ([0-9]{3}) .*/
If your server returns a different status code you might need to change that.

#!/usr/bin/perl
#       02/Feb/10                       [email protected]
#  check_http page for IIS servers with ntlm authentication
#
# this check receives a URL as a parameter, logs in to the IIS server
# using the curl binary, then it parses the output of the command
# and captures the response code. Timeout, pass and user values are currently hardcoded
# script currently only has handlers for some response codes, but a switch was used to
# add more in an easy way. Response code is found with regexp /HTTP\/1.1 ([0-9]{3}) .*/

# Switch was removed from the Perl core in 5.14; install it from CPAN on newer Perls.
use Switch;
use Time::HiRes;
use Getopt::Long;

sub print_usage (){
print "Usage: $0 --uri=\"http://somepage\" --user=DJohn --pass=p4ssw0rd\n" ;
}

# GetOptions needs references to the variables it fills in
GetOptions( "U|uri=s" => \$uri, "u|user=s" => \$user,"p|pass=s"=> \$pass);

# All three options are required; exit 3 is the Nagios UNKNOWN state
if(!defined($uri) or !defined $user or !defined $pass){
print_usage();
exit(3);
}

$timeout=30;            # Timeout in seconds

$start = Time::HiRes::time();
# The command is passed as a list, so no shell is involved and metacharacters
# in the URI or the credentials are not interpreted. The password is still
# visible in the process list while curl runs.
run_command("curl", "-u", "$user:$pass", "--ntlm", "--stderr", "/dev/null", "-i", "--url", $uri);
$time = sprintf("%.2f",Time::HiRes::time()-$start);

switch ($http_code){
case 200 {print $time."s OK"; exit(0);}
case 302 {print $time."s PAGE MOVED"; exit(1);}
case 404 {print $time."s PAGE NOT FOUND"; exit(2);}
case 500 {print $time."s SERVER ERROR"; exit(2);}
case 401 {print $time."s UNAUTHORIZED"; exit(2);}
else     {print $time."s ERROR $output"; exit(-1);}
}

sub run_command {
my @command=@_;
# List-form pipe open: runs curl directly and reads its standard output
$pid = open(PIPE, "-|", @command) or die $!;
eval {
       $output="";
       local $SIG{ALRM} = sub { die "TIMEDOUT" };
       alarm($timeout);
        while (<PIPE>) {
                # Only status lines seen after the authentication challenge count
                if($_=~/HTTP\/1.1 ([0-9]{3}) .*/ && $authentication_sent){
                        $http_code=$1;
                }
                if($_=~/WWW-Authenticate/){
                        $authentication_sent=1;
                }
                $output=$output.$_;
        }
        alarm(0);       # cancel the pending alarm once curl has finished
        close(PIPE);
};
if ($@) {
    die $@ unless $@ =~ /TIMEDOUT/;
    print "TIMEOUT";
    kill 9, $pid;
    $? ||= 9;
    exit(2);
}
}

As you will see, this script can easily be edited to serve as a data input in cacti or another monitoring app.
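
The parsing step described above, as an added shell example that is not part of the original post: it reads `curl -i --ntlm` output, keeps the last status code seen after a WWW-Authenticate challenge, and maps it to exit states. It goes beyond the script by also accepting HTTP/1.0 and HTTP/2 status lines; the function names, the UNKNOWN state 3, the `-K -` credential hand-off and the sample responses are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: classify `curl -i --ntlm` output the way the Perl check does.
# Print the status code of the last response seen after a WWW-Authenticate
# challenge; print nothing if the server never asked for authentication.
ntlm_final_status() {
    tr -d '\r' | awk '
        /^HTTP\/[0-9.]+ [0-9][0-9][0-9]/ { if (challenged) code = $2; next }
        tolower($0) ~ /^www-authenticate:/ { challenged = 1 }
        END { if (code != "") print code }'
}

# Same mapping as the script (0 OK, 1 WARNING, 2 CRITICAL); anything else
# returns 3, the Nagios UNKNOWN state (an assumption; the script exits -1).
check_state() {
    case "$1" in
        200) echo "OK"; return 0 ;;
        302) echo "PAGE MOVED"; return 1 ;;
        401) echo "UNAUTHORIZED"; return 2 ;;
        404) echo "PAGE NOT FOUND"; return 2 ;;
        500) echo "SERVER ERROR"; return 2 ;;
        "")  echo "NO AUTHENTICATED RESPONSE"; return 3 ;;
        *)   echo "UNEXPECTED STATUS $1"; return 3 ;;
    esac
}

# Live check, usage: check_iis_ntlm URL USER PASS (hypothetical helper).
# The credentials reach curl through a config read from stdin (-K -), so
# they stay out of the process list. Assumes no '"' or '\' in USER/PASS.
check_iis_ntlm() {
    code=$(printf 'user = "%s:%s"\n' "$2" "$3" |
        curl -K - --ntlm -s -i --max-time 30 --url "$1" | ntlm_final_status)
    check_state "$code"
}

# Constructed samples of curl -i output (not captured from a real server).
sample_ok() {
    printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: NTLM\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>\n'
}
sample_bad_password() {
    printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: NTLM\r\n\r\n'
    printf 'HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: NTLM\r\n\r\n'
}
sample_anonymous() {
    printf 'HTTP/2 200\r\ncontent-type: text/html\r\n\r\n<html></html>\n'
}

# Demo on constructed input: prints "OK".
check_state "$(sample_ok | ntlm_final_status)"
```

The `sample_anonymous` case yields no status code at all, so a page that stops asking for authentication is reported as UNKNOWN rather than OK.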

7 Comments

Thank you for this script.
But the script returns errors when I execute it.
I notice that I had the -w parameters in the shebang, otherwise I can not execute the script.

I ran it under the FAN distribution, which is based on CentOS 5.
The Perl version is perl5 (revision 5 version 8 subversion 8

I have got this error:
Unrecognized escape \s passed through at ./check_http_ntlm.pl line 35.
0.04s PAGE MOVED[[email protected] newplugins]#

Moreover it could be useful to pass the username and the password as arguments with the GetOptions command.

use Getopt::Long;
GetOptions( "U|uri=s" => \$uri, "u|username=s" => \$user, "p|password=s" => \$pass) or print_usage();

However I don't know how to do the print_usage function

When I comment the line 35, there is this error:

Name "main::command_name" used only once: possible typo at ./check_http_ntlm.pl line 34.

But i have found this solution:

$command_name=~ s/n/\s/;

I don't know if it is correct. But it works!
