-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Send parameters in body instead of query #5
Comments
Hi! Thank you! It was a mistake, that I thought Zabbix would put the query fields in the body too. I will change the template. Maybe it would be enough to put the api key only in the body. |
Good idea, so I can see when the server retrieves which operation. <item>
<name>PHP Version</name>
<type>HTTP_AGENT</type>
<key>typo3_GetPHPVersion</key>
<delay>1d</delay>
<trends>0</trends>
<value_type>TEXT</value_type>
<applications>
<application>
<name>TYPO3</name>
</application>
</applications>
<preprocessing>
<step>
<type>JSONPATH</type>
<params>$.value</params>
</step>
</preprocessing>
<timeout>5s</timeout>
<url>http://{HOST.CONN}/zabbixclient/</url>
<query_fields>
<query_field>
<name>operation</name>
<value>GetPHPVersion</value>
</query_field>
</query_fields>
<posts>key={$TYPO3_CLIENT_KEY}</posts>
<follow_redirects>NO</follow_redirects>
<request_method>POST</request_method>
<verify_peer>YES</verify_peer>
</item> |
Will be fixed in next release. 52f10b7 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
currently, when i use the template from this extension, the api key and all other parameters are send via query string.
So the api key will be send unencrypted and will be stored in some logs like the access log.
This must be changed for safety reasons necessarily.
I have changed my items from query string to raw body ans all works like before without any security concerns.
For example my change for the PHP Version Item:
Before:
After:
The text was updated successfully, but these errors were encountered: