<globalhttplog>yes</globalhttplog>
<globaltimeout>240</globaltimeout>
<useragent>Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)</
useragent>
<timeout>120</timeout>
<httpauth>mywebsite.example.com:80:MyRealm:nagios:n@g10s</httpauth>
My config.xml file looks very similar to this (site URL changed to
protect the stupid). The question I have is that in my http.log of
the transaction, I never see the basic auth credentials being sent to
the server.
When I go to this URL in my browser, and capture the headers, I see
the following:
http://mywebsite.example.com/myrealm/protectedarea/
GET /myrealm/protectedarea HTTP/1.1
Host:
mywebsite.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:
1.9.2.8) Gecko/20100722 Firefox/3.6.8 ( .NET CLR 3.5.30729)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/
*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: JSESSIONID=D9D455EA25EBDFF38E302C5787A184A0
X-lori-time-1: 1280437658839
Authorization: Basic bmFnaW9zOm5AZzEwcw==
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/atom+xml;charset=UTF-8
Content-Length: 3591
Date: Thu, 29 Jul 2010 21:07:39 GMT
Should I be seeing things like "Authorization: Basic
bmFnaW9zOm5AZzEwcw==" in the http.log file? The fact that I'm not
leads me to believe that webinject is not sending the credentials to
the server.
My log file looks like this:
GET
http://mywebsite.example.com/myrealm/protectedarea
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
HTTP/1.1 401 Unauthorized
Connection: close
Date: Thu, 29 Jul 2010 21:16:10 GMT
Server: Apache-Coyote/1.1
WWW-Authenticate: Basic realm="MyRealm"
Content-Length: 954
Content-Type: text/html;charset=utf-8
Client-Date: Thu, 29 Jul 2010 21:16:10 GMT
Client-Peer:
172.25.45.249:80
Client-Response-Num: 1
Client-Warning: Redirect loop detected (max_redirect = 0)
Set-Cookie: JSESSIONID=4E997446871698231FDBEA2AB98165AF; Path=/myrealm
Title: Apache Tomcat/6.0.20 - Error report
In the headers from my web browser, the first attempt to do a GET on
the URL received the 401 error, and then the user/pass dialog window
comes up, I enter the credentials and then the subsequent request
gives me a 200. Unfortunately with my webinject testcases every
subsequent request for this URL gives me the 401.
Any help/guidance would be appreciated as I think I'm following the
procedure in the manual, but must be missing something somewhere along
the way. Thanks in advance.