blackbox_exporter icon indicating copy to clipboard operation
blackbox_exporter copied to clipboard

Published 20 hours ago verified publisher icon prometheus

Added log line for received html body.

Open pgmgb opened this issue 2 years ago • 8 comments

We had some troubles identifying why a specific HTTP probe with a fail_if_body_matches_regexp did not work for a specific website. In the end, the website started to deliver compressed data, so the regex was not working. For identifying such cases, printing the received HTML body would be handy.

pgmgb avatar Feb 22 '22 07:02 pgmgb

Historically I purposefully never logged this or returned headers as they often will contain secrets, plus it would be very spammy as it could be MB of data.

brian-brazil avatar Feb 22 '22 07:02 brian-brazil

Or would it be possible / an option to add another "debug" switch like log_html_body? It was quite a pain to debug this issue because the website was showing fine in the browser, but the check was not working...

pgmgb avatar Feb 22 '22 08:02 pgmgb

Additionally to @brian-brazil's concerns about secrets, this would make the blackbox exporter an open proxy, creating security hazard for the majority of users.

roidelapluie avatar Feb 22 '22 08:02 roidelapluie

@brian-brazil & @roidelapluie You would generally not add a possibility to debug the HTML body? For me as a consumer of blackbox exporter, it would be handy to have this option. So I could debug why something does not work as expected.

pgmgb avatar Feb 23 '22 07:02 pgmgb

Would it be an option to have a command line flag to simulate a probe? so we do not expose the feature over the network.

roidelapluie avatar Jun 21 '22 13:06 roidelapluie

are there any news about this MR? In my case, i would like to check that an iframe is well loaded by verifing her html centent. The URL of the iframe is well secured, i mean that securities aspect are maintained by the application of the iframe.

Develoman avatar Oct 13 '22 10:10 Develoman

@brian-brazil's concern totally makes sense. But the body of some ping target responses are simple text without secrets and in just a few bytes, such as "OK", "READY", "HEALTHY", etc.

I would agree with @roidelapluie's & @pgmgb's opinion. It is great to have the ability letting end users decide whether to enable this feature.

To reduce the security impact to most users, this feature is turned off by default.

soasme avatar Nov 09 '22 08:11 soasme

@roidelapluie I would be happy with any debug option (plus documentation), which does not need any modification of the source code (which I had to do in my case) :thumbsup:

pgmgb avatar Nov 09 '22 08:11 pgmgb