Check contents in URL or HTTP test

pvdc · Post by **pvdc** » Wed May 10, 2006 6:34 am

Hi,
I have some secure websites that I would like to monitor. I can get an answer "host is alive" whether I provide credentials or not. 1) How can I make sure that I (= the test) have logged in to make sure the site is functional? It does work interactively... 2) If I check the button "Check contents" and I provide some text from the page, I always get a "bad content" reply. I cannot get this solved. Is there any logging available?
I tried for URL and HTTP as well, same result.

HM 5.66, enterprise lic. on W2K3 server, in gui. Thanks for any help.
Peter

Yoorix · Post by **Yoorix** » Wed May 10, 2006 8:02 am

pvdc wrote:I have some secure websites that I would like to monitor. I can get an answer "host is alive" whether I provide credentials or not.

I assume, when you did not provide credentials, you were getting page with HTTP Error 401.2 "You are not authorized to view this page" or "Forbidden" or something like that. In such case status "host is alive" is correct.

pvdc wrote:1) How can I make sure that I (= the test) have logged in to make sure the site is functional? It does work interactively...

There are no such log. What you see if you are trying to run this URL in web browser?

pvdc wrote:2) If I check the button "Check contents" and I provide some text from the page, I always get a "bad content" reply. I cannot get this solved. Is there any logging available?

I think, problem is you have no access to that page and web server gave you foregoing pages ('not authorized' or "forbidden")

What authentification method is used on these secure websites? Basic? NT integrated?

Could you provide here one of those urls?

Regards,
Yoorix

pvdc · Post by **pvdc** » Wed May 10, 2006 8:26 am

Hi Yoorix,
1) if I don't provide any credentials, I get a page where I can input them...
Further, it is not possible to type an address of a customized page into the address bar, because it needs the credentials to define what that page should be.
2) I mean by this: can I see whether the result of a test is different if I provide incorrect credentials.
3) If you mean some kind of a login page, I agree. But there is no error or security warning.
I do have more info and URLs, but I would (should) rather not publish it. Can I provide them to you in another way?
Thanks for your help. Peter

Yoorix · Post by **Yoorix** » Wed May 10, 2006 8:59 am

pvdc wrote:1) if I don't provide any credentials, I get a page where I can input them...
Further, it is not possible to type an address of a customized page into the address bar, because it needs the credentials to define what that page should be.

Ah-ha. Now I understand. You have implemented your own security(e.g cookie based) and you get page with html form you have to input credentials. Am I right? If yes, I do not think HM is able to fill HTML forms and posts them.

pvdc wrote:2) I mean by this: can I see whether the result of a test is different if I provide incorrect credentials.

If you provided wrong credentials, HM would show "Bad" status. But it works regarding standard authentification methosd. In your case status always will be "Host is alive".

pvdc wrote:I do have more info and URLs, but I would (should) rather not publish it. Can I provide them to you in another way?

If my guessing is right, I do not need URL. I can suggest you to check not this url exactly, but action of html form. If built-in html form uses GET method, you should compose URL using html syntax, e.g http://www.somesite.com/check_credentia ... sword=test
It might help.

Regards,
Yoorix

pvdc · Post by **pvdc** » Wed May 10, 2006 9:11 am

Hi,
1) correct
2) correct
3) correct, good hint. I'll contact our development team to verify and see if I can arrange a test.
Thanks for your help! Peter

KS-Soft · Post by **KS-Soft** » Wed May 10, 2006 11:05 am

If your web server uses custom made authentication, then "Password protected page" option of the test will not work. This option designed for standard web authentication.
Yoorix is right, if you are using form, you should send parameters in different way:
- use URL string to send parameters if your web form and script uses GET method
- use HTTP test method and "Post data" option if your web form uses POST method

Regards
Alex

pvdc · Post by **pvdc** » Wed Jun 14, 2006 8:56 am

Hi,
I found an URL that works similar to the page I want to use. But I don't have a clue what the syntax of my HTTP POST test should be. Could you pls give me a hint using this url?
https://www.commvault.com/mainadv.asp?r ... /index.asp

Thanks a lot,
Peter

KS-Soft Europe · Post by **KS-Soft Europe** » Wed Jun 14, 2006 9:50 am

You should set HTTP test up.
URL: https://www.commvault.com/mainadv.asp
Request: POST
Check "Folow Redirect"
Post Data: reason=denied_empty&script_name=/mainadv/index.asp&path_info=/mainadv/index.asp

Also you shoud enable "Allow per-session cookies", I suppose.

Regards,
Max

pvdc · Post by **pvdc** » Wed Jun 14, 2006 2:10 pm

Hi Max,
thanks for your quick answer. Next part is: can I use a userid and a password to send along (in this syntax), and than let the test decide if this combination could login, by verifying some content on the next (=login-confirmation) page?
Thanks, Peter

KS-Soft Europe · Post by **KS-Soft Europe** » Wed Jun 14, 2006 2:19 pm

pvdc wrote:can I use a userid and a password to send along (in this syntax), and than let the test decide if this combination could login, by verifying some content on the next (=login-confirmation) page?

I think, you should read following post http://www.ks-soft.net/cgi-bin/phpBB/vi ... t+url+http

Regards,
Max

KS-Soft

Check contents in URL or HTTP test

Check contents in URL or HTTP test

Re: Check contents in URL or HTTP test

Thanks for your quick reply!

Re: Thanks for your quick reply!

You got it!

similar page to test with

what about login confirmation?

Re: what about login confirmation?