Testing Filtering Proxies With HTTPMonitor

From OpenNMS

If you have a filtering proxy server that is supposed to allow retrieval of some URLs but deny others, you can use the HttpMonitor to verify this behavior.

For this example, let's say that our proxy server is running on TCP port 3128, and that we should always be able to retrieve http://www.opennms.org/ but never http://www.myspace.com/ (hey, this is a workplace after all!)

Add the following protocol-plugin definitions in capsd-configuration.xml:

<protocol-plugin protocol="HTTP-Allow-opennms.org" class-name="org.opennms.netmgt.capsd.plugins.HttpPlugin" scan="on" user-defined="false">
  <property key="port" value="3128"/>
  <property key="url" value="http://www.opennms.org/"/>
  <property key="timeout" value="3000"/>
  <property key="check-return-code" value="true"/>
</protocol-plugin>

<protocol-plugin protocol="HTTP-Block-myspace.com" class-name="org.opennms.netmgt.capsd.plugins.HttpPlugin" scan="on" user-defined="false">
  <property key="port" value="3128"/>
  <property key="url" value="http://www.myspace.com/"/>
  <property key="timeout" value="3000"/>
  <property key="check-return-code" value="false"/>
</protocol-plugin>

And then matching service and monitor definition for each in poller-configuration.xml:

<service name="HTTP-Allow-opennms.org" interval="300000" user-defined="false" status="on">
  <parameter key="retry" value="1"/>
  <parameter key="timeout" value="3000"/>
  <parameter key="port" value="3128"/>
  <parameter key="url" value="http://www.opennms.org/"/>
  <parameter key="response" value="200-399"/>
</service>

<service name="HTTP-Block-myspace.com" interval="300000" user-defined="false" status="on">
  <parameter key="retry" value="1"/>
  <parameter key="timeout" value="3000"/>
  <parameter key="port" value="3128"/>
  <parameter key="url" value="http://www.myspace.com/"/>
  <parameter key="response" value="400-599"/>
</service>

<monitor service="HTTP-Allow-opennms.org" class-name="org.opennms.netmgt.poller.monitors.HttpMonitor"/>
<monitor service="HTTP-Block-myspace.com" class-name="org.opennms.netmgt.poller.monitors.HttpMonitor"/>

Now discover or rescan your proxy servers. You should see the services defined above discovered and hopefully green. If at any time your proxy servers begin to block the OpenNMS page, you will get a nodeLostService event for HTTP-Allow-opennms.org. Conversely, if the proxy ever fails to block access to MySpace, you will get a nodeLostService event for HTTP-Block-myspace.com. You can use notifications to wake your proxy administrators in the middle of the night.