#!/usr/bin/env bash #----------------------------------------------------------------------------------- # # Author: JPH # Local Identifier: W&W Informatik # Filename: wwi_check_ssl_80_443_forwarding_plugin.sh # Description: check_ssl_80_443_forwarding # HTTP Codes: https://developer.mozilla.org/en/docs/Web/HTTP/Reference/Status # 1. Informational responses (100 – 199) # 2. Successful responses (200 – 299) # 3. Redirection messages (300 – 399) # 4. Client error responses (400 – 499) # 5. Server error responses (500 – 599) # # Changes: # Datum Author Changes # 19.02.2026 JPH initial version # #----------------------------------------------------------------------------------- # Info: # ------------------------- # Text Marker: # ( ) = OK # (?) = UNKNOWN # (!!) = CRITICAL # (!) = WARNING # # # possible return values # -------------------------- STATE_OK=0 STATE_WARNING=1 STATE_CRITICAL=2 STATE_UNKNOWN=3 TIMEOUT=2 INFO_TEXT="Usage: $0 -s " # checking the option 1 # --------------------------- if [ $# -eq 0 ]; then echo $INFO_TEXT exit $STATE_UNKNOWN fi # Breake the options # -------------------------- while getopts s:h OPTION 2> /dev/null do if [ $OPTION = ? ]; then echo "Wrong option: configuration failure: $INFO_TEXT"; exit 0; fi case "$OPTION" in s) SERVER="$OPTARG" ;; h) echo "$INFO_TEXT" exit $STATE_UNKNOWN ;; esac done if [[ -z "$SERVER" ]]; then echo "Usage: $0 " exit $STATE_UNKNOWN fi # Check Port 80 if ! timeout $TIMEOUT bash -c "echo > /dev/tcp/$SERVER/80" 2>/dev/null; then PORT_80="NOT_REACHABLE" else PORT_80="REACHABLE" fi # Check Port 443 if ! timeout $TIMEOUT bash -c "echo > /dev/tcp/$SERVER/443" 2>/dev/null; then PORT_443="NOT_REACHABLE" else PORT_443="REACHABLE" fi if [ "$PORT_80" == "NOT_REACHABLE" ] && [ "$PORT_443" == "NOT_REACHABLE" ]; then echo "OK;x_undefined;Port 80 and 443 are NOT reachable;x_undefined" exit $STATE_OK elif [ "$PORT_80" == "REACHABLE" ] && [ "$PORT_443" == "NOT_REACHABLE" ]; then echo "CRITICAL;http://$SERVER ;Port 443 is (!!) NOT reachable but port:80;x_undefined" exit $STATE_CRITICAL fi # Check HTTP Header (redirect?) #HTTP_RESPONSE=$(curl -s -o /dev/null -I -w "%{http_code} %{redirect_url}" "http://$SERVER") HTTP_RESPONSE=$(timeout $TIMEOUT bash -c "curl -m $TIMEOUT -s -o /dev/null -I -w \"%{http_code} %{redirect_url}\" \"http://$SERVER\"") HTTP_CODE=$(echo "$HTTP_RESPONSE" | awk '{print $1}') REDIRECT_URL=$(echo "$HTTP_RESPONSE" | awk '{print $2}') # Check Redirect auf HTTPS erfolgt if [[ "$HTTP_CODE" == "200" ]] && [[ "$REDIRECT_URL" == "" ]]; then echo "CRITICAL;https://$SERVER ;NO redirect from HTTP Port:80 to HTTPS Port:443 REDIRECT_URL:empty;HTTP code:${HTTP_CODE}" exit $STATE_CRITICAL elif [[ "$HTTP_CODE" == "000" ]]; then echo "CRITICAL;https://$SERVER ;NO Redirect from HTTP Port:80 to HTTPS Port:443;HTTP code:${HTTP_CODE}" exit $STATE_CRITICAL elif [[ "$REDIRECT_URL" =~ ^http:// ]]; then echo "CRITICAL;https://$SERVER ;NO Redirect from HTTP Port:80 to HTTPS Port:443, REDIRECT_URL(!!):$REDIRECT_URL ;HTTP code:${HTTP_CODE}" exit $STATE_CRITICAL elif [[ "$HTTP_CODE" =~ ^30[1278]$ ]] && [[ "$REDIRECT_URL" =~ ^https:// ]]; then ## if [[ "$HTTP_CODE" == "200" ]] && [[ "$REDIRECT_URL" == "" ]]; then ## echo "WARNING: http://$SERVER Redirect NOT clear from HTTP Port:80 to HTTPS Port:443;HTTP_CODE:$HTTP_CODE" ## exit $STATE_WARNING ## elif [[ "$HTTP_CODE" =~ ^30[1278]$ ]] && [[ "$REDIRECT_URL" =~ ^https:// ]]; then # echo "OK: ✓ HTTP Port:80 redirects properly to HTTPS Port:443; HTTP_CODE:$HTTP_CODE" echo "OK;https://$SERVER ;OK Redirect from HTTP Port:80 to HTTPS Port:443;HTTP code:$HTTP_CODE" exit $STATE_OK else #echo "CRITICAL: ✗ NO redirect from HTTP Port:80 to HTTPS Port:443 detected; HTTP_CODE:$HTTP_CODE" echo "CRITICAL;http://$SERVER ;NO redirect from HTTP Port:80 to HTTPS Port:443 detected at $SERVER;HTTP code:$HTTP_CODE" exit $STATE_CRITICAL fi echo "UNKNOWN: exit !!!" exit $STATE_UNKNOWN