URL Check page in subdirectory

Elastic Stack Beats
1

I'm getting a 404 when testing for a page that's not at the root of a site.

For instance, this URL works:

http://host:80

While this doesn't:

http://host:80/application/Default.aspx

The result of the check is a 404. This page has Windows Auth enabled. I'm specifying username/password in the config of the check. If auth wasn't working, I would have expected a 401/403. I tested with curl and Invoke-WebRequest and couldn't reproduce the behavior from Heartbeat.

2

That's interesting. Can you take a trace with wireshark and check the HTTP Request correctly including the authentication info?

3

Hi Steffen,

I did a few more tests this morning. Here's what I found:

If I target an IIS web site directly:

  • If I run the check and only Windows auth is enabled, the check fails with a 401
  • If I run the check and Basic Auth is enabled, the check passes successfully

If I target an IIS web site while going through IIS Application Request Routing (http load balancer):

  • The site has Windows Auth enabled and ASP .NET Form Based Auth, the check fails with a 404. I can see the credentials getting passed properly and the URL in the GET looks OK as well. I'm suspecting the combination of the request made with the Go-http client and this particular load balancer does something funky. The reason while the root of the site is working is because anonymous access was allowed.
4

Interesting. Well, windows auth is... something "special" not support by golibs. I found this, at least supporting ntmlssp. This library translates basic auth to ntmlssp based authentication.

Have you tried making a request via basic auth using some tool like curl?

For testing purposes all you have todo is clone the lib into the vendor/github.com/Azure folder and updated line 134 in task.go to read (well, don't forget the import):

ntlmssp.Negotiator{&SimpleTransport{
 ...
}}

I don't run windows or IIS. But I still would be interested to hear if this works.

5

Hi Steffen,

For the curl call to work, you have to specify the --ntlm switch as follow:

curl.exe http://< servername>:80/Test/iisstart.htm -u < DOMAIN>< user>:< password> --ntlm

As for making changes to the heartbeat.exe by recompiling the Go code, well, that would be a first for me. Not too familiar with Go in general! :slight_smile:

Mathieu

6

unfortunately I'm not too familiar with windows :wink:

If you want to give it a shot, you can download go compiler here + install instructions:
Once you have go in place you can use go get github.com/Azure/go-ntlmssp to get the dependency. Use git to clone beats repo into D:/Go/src/github.com/elastic/ and test your build by going to beat/heartbeat subdirectory and enter go build. If build works you can adapt task.go and recompile.

Feel free to open an enhancement request. There are a few libs supporting ntml (some seem to support v1 and v2), but evaluating those libs, adding support based on one lib (some libs seem to require quite some 'footwork') and building a fake http server for testing (that is I've no guarantee it will work with IIS, as I have no IIS available) will take quite some time. If you can confirm the 'Azure' one working (which is quite easy to use), we can add at least add experimental support to configure the authentication-method for the time being.

btw. I have no idea how to uninstall go development environment. Maybe you want to try building heartbeat in a virtual machine to throw away afterwards.

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.