[Check_mk (english)] Check_MK Analyze config warns about http

Mäkelä, Antti Antti.Makela at vintor.fi
Thu Feb 21 18:09:17 CET 2019


Hi,

  the new 1.5.0 has "analyze config" functionality.

  It gives warning for several of our sites:

WARN: Site is using plain HTTP. Consider enabling HTTPS. (!)

  All well and good, but site *is* using HTTPS.What is needed to get rid of this warning? 

  I look at the source code and it says simply

    def execute(self):
        if html.is_ssl_request():
            yield ACResultOK(_("Site is using HTTPS"))
else:
            yield ACResultWARN(_("Site is using plain HTTP......

  So ok, it's checking whether the request came in as SSL.

  Well, *all* the requests come in as plain HTTP due to the fact that we are running Apache in "own" mode, under port 5000, and the "primary" Apache of the site actually grabs the incoming HTTPS and proxies it in plaintext to port 5000 on the localhost. I wouldn't consider this to be a security problem.

  However, am I missing something here? Or can I just ignore this warning? I thought that the best practice is to have a site run it's own webserver that is only accessible to localhost?

--
- Dr. Antti Mäkelä | Senior Architect | CCIE #20962 -
- Vintor Oy, Itsehallintokuja 6, 02600 Espoo | www.vintor.fi -


More information about the checkmk-en mailing list