[ZBX-15963] HTTP agent supports non-HTTP scheme in URL field Created: 2019 Apr 09  Updated: 2019 Oct 17  Resolved: 2019 Jul 04

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Proxy (P), Server (S)
Affects Version/s: 4.2.0, 4.4.0alpha1, 4.4 (plan)
Fix Version/s: 4.0.10rc1, 4.2.4rc1, 4.4.0alpha1, 4.4 (plan)

Type: Problem report Priority: Minor
Reporter: Vjaceslavs Bogdanovs Assignee: Aleksejs Sestakovs
Resolution: Fixed Votes: 0
Labels: http, httpagent, protocols, scheme
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Team: Team C
Sprint: Sprint 51 (Apr 2019), Sprint 52 (May 2019), Sprint 53 (Jun 2019), Sprint 54 (Jul 2019)
Story Points: 0.25

 Description   

HTTP agent allows using non-HTTP scheme (make non HTTP(s) requests). For example, URL "ftp://your-server.here/" will work just fine and will return directory listing.

Currently there is no validation of scheme and this makes term HTTP agent invalid as it allows to make requests to: HTTP, FTP, POP3, IMAP, SMB, etc (https://curl.haxx.se/libcurl/c/CURLOPT_URL.html).

From the perspective of UI there are many fields that are not valid for FTP, POP3 and other protocols so for the sake of consistancy, scheme check should be introduced and only HTTP(s) scheme should be allowed in HTTP checks.



 Comments   
Comment by Aleksejs Sestakovs [ 2019 May 29 ]

Available in:

  • 4.0.9rc1 61da110a54
  • 4.2.3rc1 b659dc4dd5
  • 4.4.0alpha1 (trunk) 9dd3af7a9d
Comment by Glebs Ivanovskis [ 2019 Jun 26 ]

Regarding aaa9bfff87a:

  1. Compile Zabbix with older libcurl headers (<7.19.4);
  2. Upgrade libcurl library (≥7.19.4);
  3. All protocols are supported ("All protocols built-in" is default for CURLOPT_PROTOCOLS);
  4. PROFIT!
Comment by Alexander Vladishev [ 2019 Jun 26 ]

cyclone, at the same time you get a lot of bugs fixed in new versions of libcurl.

This fix was added because RedHat 5.0 has libcurl 7.19.4 packages.

Comment by Glebs Ivanovskis [ 2019 Jun 26 ]

I understand the motivation behind these changes (official Zabbix packages for RHEL 5 are compiled with old libcurl available in RedHat repository, but you still want Zabbix to support libcurl-dependent features like HTTP agent, web scenarios, etc.), my point is that they effectively undo (at least partially) the work done in the scope of this ticket. User may have latest version of libcurl even on the old RHEL, see ZBX-16300.

My opinion is that libcurl version should be checked in runtime as requested in ZBXNEXT-3623.

Comment by dimir [ 2019 Jun 27 ]

ZBXNEXT-3623 could help solving this issue.

Edit: ah, missed comment aboveĀ from cyclone.

Comment by Aleksandrs Saveljevs [ 2019 Oct 17 ]

We used the ftp://{$USERNAME}:{$PASSWORD}@ftp.example.com/ URLs in HTTP agent items to verify that a user can log in to an FTP server.

Yesterday, we upgraded from Zabbix 4.0.9 to Zabbix 4.0.13 and these checks stopped working due to the following error:

Cannot perform request: Protocol ftp not supported or disabled in libcurl

Any possibility of this change being reconsidered?

Comment by Vjaceslavs Bogdanovs [ 2019 Oct 17 ]

asaveljevs, at this point you were exploiting the undocumented behavior of "HTTP agent" functionality.
It was decided to make thing consistent and remove all non-HTTP protocols from HTTP agent so I don't think that this change will be reverted (at least without reworking the existing logic of HTTP agent).

Generated at Thu Mar 28 19:20:47 EET 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.