Skip to content

[Endpoints] Headers not being properly sent in health check requests #1051

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
shmuelarditi opened this issue Mar 31, 2025 · 1 comment
Open

[Endpoints] Headers not being properly sent in health check requests #1051

shmuelarditi opened this issue Mar 31, 2025 · 1 comment
Labels
bug Something isn't working

Comments

@shmuelarditi
Copy link

shmuelarditi commented Mar 31, 2025
edited
Loading

Describe the bug

Gatus is not properly sending headers in health check requests, causing authentication failures when trying to access endpoints protected by Cloudflare Access. The health check requests are being redirected to the Cloudflare Access login page instead of being properly authenticated.

The issue persists regardless of whether headers are configured via environment variables or directly in the configuration.

helm values:

  config:
    endpoints:
      - name: "my-service - authenticated health check"
        url: "https://my-service.domain.com/health/ready"
        interval: 30s
        group: New-Platform-Services
        conditions:
          - "[STATUS] == 200"
          - "[BODY].status == ok"
        client:
          timeout: 10s
          headers:
            CF-Access-Client-Id: "eddxxxxxxxxxxxxxxx.access"
            CF-Access-Client-Secret: "a1a65bxxxxxxxxxxxxxxxxx"

What do you see?

  1. Health check requests to endpoints protected by Cloudflare Access are failing.
  2. The response contains HTML for the Cloudflare Access login page instead of the expected health check response (JSON).
  3. The same endpoint works correctly when accessed via curl with proper headers.
  4. Logs do not show the actual full request being sent, making debugging difficult, even on debug mode.

What do you expect to see?

  1. Gatus should properly send the configured headers with each health check request.
  2. The health check should receive the actual health check response from the endpoint.
  3. Logs should show the headers being sent with the request, and maybe even the entire request details not just answer.

List the steps that must be taken to reproduce this issue

  1. Deploy Gatus using Helm chart version 1.2.0 with Gatus image tag "stable"
  2. Configure a Gatus endpoint with headers for authentication:
endpoints:
  - name: "my-service - authenticated health check"
    url: "https://my-service.domain.com/health/ready"
    headers:
      CF-Access-Client-Id: "your-client-id"
      CF-Access-Client-Secret: "your-client-secret"
  1. Start Gatus with the configuration
  2. Observe that the health check fails and returns HTML instead of the health check response
  3. Compare with a curl request using the same headers:
curl -H "CF-Access-Client-Id: your-client-id" \
     -H "CF-Access-Client-Secret: your-client-secret" \
     https://my-service.domain.com/health/ready

### Version

- Helm Chart: 1.2.0 | Gatus Version: stable

### Additional information

reducted all the sensitive info and the actual services urls for company safety, 
please any one knows what is wrong here? curl command works perfectly fine and giving me json.
@shmuelarditi shmuelarditi added the bug Something isn't working label Mar 31, 2025
@TwiN
Copy link
Owner

TwiN commented Apr 2, 2025

client.headers is not a valid configuration, so it's not a bug per se. We'd have to add support for client headers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@TwiN @shmuelarditi