How to check HTTP response code of a secured website with Nagios?

I have tried using check_http but I get success even if the website is redirected to an error page

This can be solved with check_http --expect. Here is the documentation from check_http --help:

-e, --expect=STRING Comma-delimited list of strings, at least one of them is expected in the first (status) line of the server response (default: HTTP/1.) If specified skips all other status line logic (ex: 3xx, 4xx, 5xx processing)

The following example will return an 'OK' for a 200 OK HTTP response code, but will give a critical error for a 302 redirect.

host % check_http --expect=200
HTTP CRITICAL - Invalid HTTP response received from host: HTTP/1.0 301 OK

For a secure website (over SSL), and authentication, also check out the check_http --ssl and the --authorization flags.

-S, --ssl Connect via SSL. Port defaults to 443

-a, --authorization=AUTH_PAIR Username:password on sites with basic authentication

Or, perhaps you don't actually want to log into the system but just want to make sure that the page requires a username/password, because that username/password can become a security concern. In that case, try something like the following/ 401 is the HTTP response code for 'Unauthorized' or 'Authorization Required'-- the 401 is mandatory, the text string afterwards is optional and may say one of several different things, so I just tell Nagios to expect 401.

check_http --expect="401"

You can create more complex checks (in the spirit of Behavior Driven Development/Monitoring) with Cucumber-Nagios.