starred/uptime-kuma

Fork 0

mirror of https://github.com/louislam/uptime-kuma.git synced 2026-03-02 22:57:00 -05:00

NTLM authentication fails on certain endpoints - Cannot read properties of null (reading 'length') #4699

New issue

Open

opened 2026-02-28 04:12:15 -05:00 by deekerman · 3 comments

deekerman commented

2026-02-28 04:12:15 -05:00

Owner

Originally created by @Wisienkaa on GitHub (Feb 12, 2026).

⚠️ Please verify that your question has not already been reported

I have searched the existing issues and found no similar reports.

🛡️ Security Policy

I have read and agree to Uptime Kuma's Security Policy.

📝 Describe your problem

Hi,

I'm trying to monitor endpoints that require NTLM authentication using Uptime Kuma (v2.0.2) on Node.js v20.19.5.

When I configure a monitor with NTLM, the request fails and I get the following error in the logs:

Cannot read properties of null (reading 'length')

It seems that the response body (res.data) is null in some cases, causing the crash when the code tries to read res.data.length. Could someone help fix NTLM support so that empty responses do not cause crashes?

📝 Error Message(s) or Log

Cannot read properties of null (reading 'length')

🐻 Uptime-Kuma Version

v2.0.2

💻 Operating System and Arch

Operating System: Oracle Linux Server 9.7 (x86_64) Kernel: 5.15.0-315.196.5.1.el9uek Architecture: x86_64

🌐 Browser

N/A

🖥️ Deployment Environment

Runtime Environment:
- Docker: Version X.X.X (Build Y.Y.Y)
- Docker Compose: Version X.X.X
- Portainer (BE/CE): Version X.X.X (LTS: Yes/No)
- MariaDB: Version X.X.X (LTS: Yes/No)
- Node.js: Version X.X.X (LTS: Yes/No)
- Kubernetes (K3S/K8S): Version X.X.X (LTS: Yes/No, via [method/tool])
Database:
- SQLite: Embedded
- MariaDB: Embedded/External
Database Storage:
- Filesystem:
  - Linux: ext4/XFS/Btrfs/ZFS/F2FS
  - macOS: APFS/ HFS+
  - Windows: NTFS/ReFS
- Storage Medium: HDD/eMMC/SSD/NVMe
Uptime Kuma Setup:
- Number of monitors: 110

Originally created by @Wisienkaa on GitHub (Feb 12, 2026). ### ⚠️ Please verify that your question has not already been reported - [x] I have searched the [existing issues](https://github.com/louislam/uptime-kuma/issues?q=is%3Aissue%20sort%3Acreated-desc%20) and found no similar reports. ### 🛡️ Security Policy - [x] I have read and agree to Uptime Kuma's [Security Policy](https://github.com/louislam/uptime-kuma/security/policy). ### 📝 Describe your problem Hi, I'm trying to monitor endpoints that require NTLM authentication using Uptime Kuma (v2.0.2) on Node.js v20.19.5. When I configure a monitor with NTLM, the request fails and I get the following error in the logs: Cannot read properties of null (reading 'length') It seems that the response body (res.data) is null in some cases, causing the crash when the code tries to read res.data.length. Could someone help fix NTLM support so that empty responses do not cause crashes? ### 📝 Error Message(s) or Log ```bash session Cannot read properties of null (reading 'length') ``` ### 🐻 Uptime-Kuma Version v2.0.2 ### 💻 Operating System and Arch Operating System: Oracle Linux Server 9.7 (x86_64) Kernel: 5.15.0-315.196.5.1.el9uek Architecture: x86_64 ### 🌐 Browser N/A ### 🖥️ Deployment Environment - **Runtime Environment**: - Docker: Version `X.X.X` (Build `Y.Y.Y`) - Docker Compose: Version `X.X.X` - Portainer (BE/CE): Version `X.X.X` (LTS: Yes/No) - MariaDB: Version `X.X.X` (LTS: Yes/No) - Node.js: Version `X.X.X` (LTS: Yes/No) - Kubernetes (K3S/K8S): Version `X.X.X` (LTS: Yes/No, via `[method/tool]`) - **Database**: - SQLite: Embedded - MariaDB: Embedded/External - **Database Storage**: - **Filesystem**: - Linux: ext4/XFS/Btrfs/ZFS/F2FS - macOS: APFS/ HFS+ - Windows: NTFS/ReFS - **Storage Medium**: HDD/eMMC/SSD/NVMe - **Uptime Kuma Setup**: - Number of monitors: `110`

deekerman added the

bug

label

2026-02-28 04:12:15 -05:00

deekerman commented

2026-02-28 04:12:18 -05:00

Author

Owner

@CommanderStorm commented on GitHub (Feb 12, 2026):

@FlorianFeka I think this is the www-authenticate header being missing. What does this mean? Is this a defect in us or @Wisienkaa server?

@CommanderStorm commented on GitHub (Feb 12, 2026): @FlorianFeka I think this is the `www-authenticate` header being missing. What does this mean? Is this a defect in us or @Wisienkaa server?

deekerman commented

2026-02-28 04:12:21 -05:00

Author

Owner

@Wisienkaa commented on GitHub (Feb 16, 2026):

@FlorianFeka I think this is the www-authenticate header being missing. What does this mean? Is this a defect in us or @Wisienkaa server?

I verified the behavior on my side and the www-authenticate header is present in the initial response. The authentication flow appears to follow the standard NTLM handshake

First response: 401 Unauthorized with WWW-Authenticate: NTLM and Negotiate
After NTLM authentication succeeds, the server returns 302 Redirect
The redirect points to the actual application page, for example:
Location: https://sample-page.pl/mysiteredirect.aspx with header Persistent-Auth: true

Curl command used:
curl --ntlm -u domain_name\user:pass https://endpoint -k -L -v

So from the server, authentication and redirect seem to work correctly.
However, in Uptime Kuma the monitor fails with:
Cannot read properties of null (reading 'length') or Cannot read properties of null (reading 'headers')
Maybe the issue is when handling the NTLM authentication flow combined with the 302 redirect?

Could you please confirm whether Uptime Kuma fully supports NTLM authentication with redirects 401 > NTLM > 302?

@Wisienkaa commented on GitHub (Feb 16, 2026): > [@FlorianFeka](https://github.com/FlorianFeka) I think this is the `www-authenticate` header being missing. What does this mean? Is this a defect in us or [@Wisienkaa](https://github.com/Wisienkaa) server? I verified the behavior on my side and the www-authenticate header is present in the initial response. The authentication flow appears to follow the standard NTLM handshake - First response: 401 Unauthorized with WWW-Authenticate: NTLM and Negotiate - After NTLM authentication succeeds, the server returns 302 Redirect - The redirect points to the actual application page, for example: - Location: https://sample-page.pl/mysiteredirect.aspx with header Persistent-Auth: true Curl command used: _curl --ntlm -u domain_name\\user:pass https://endpoint -k -L -v_ So from the server, authentication and redirect seem to work correctly. However, in Uptime Kuma the monitor fails with: **Cannot read properties of null (reading 'length')** or **Cannot read properties of null (reading 'headers')** Maybe the issue is when handling the NTLM authentication flow combined with the 302 redirect? Could you please confirm whether Uptime Kuma fully supports NTLM authentication with redirects 401 > NTLM > 302?

deekerman commented

2026-02-28 04:12:21 -05:00

Author

Owner

@louislam commented on GitHub (Feb 16, 2026):

FYI, we are using axios-ntlm

This may be related issue from their repo.
https://github.com/Catbuttes/axios-ntlm/issues/4

Also we are using 1.3.0, which is an old version.
https://www.npmjs.com/package/axios-ntlm/v/1.3.0

We cannot update to the latest version due to the breaking change on their side, but not sure if they fixed redirection issue in newer versions.

@louislam commented on GitHub (Feb 16, 2026): FYI, we are using `axios-ntlm` This may be related issue from their repo. https://github.com/Catbuttes/axios-ntlm/issues/4 Also we are using 1.3.0, which is an old version. https://www.npmjs.com/package/axios-ntlm/v/1.3.0 We cannot update to the latest version due to the breaking change on their side, but not sure if they fixed redirection issue in newer versions.