Create, update and delete HTTP records for authenticated scans of protected portions of web sites and devices, like printers and routers, that require HTTP protocol level authentication. Vulnerability scans are supported (using VM).
How it works – During a vulnerability scan, if we come across a web page that requires HTTP authentication then we’ll check to see if an HTTP record exists in your account with applicable credentials. If yes, we’ll use the credentials in the record to perform HTTP authentication. (Note this is not Form-based authentication.)
|
Parameter |
Required/Optional |
Data Type |
Description |
|---|---|---|---|
|
action={action} |
Required | String |
Specify create, update, delete (using POST) or list (using GET or POST). See List Auth Records for type |
|
echo_request={0|1} |
Optional | Integer |
Specify 1 to view (echo) input parameters in the XML output. By default these are not included. |
|
ids={value} |
Required to update or delete record | Integer |
One or more HTTP record IDs. |
|
title={value} |
Required to create record | String |
The record title. |
|
comments={value} |
Optional | String |
User defined comments. |
|
username={value} |
Required to create record, optional to update record | String |
The user name to be used for authentication. |
|
password={value} |
Required to create record, optional to update record | Alphanumeric |
The password to be used for authentication. Maximum 100 characters (ascii). |
|
vhost={value} - or - realm={value} |
Required to create record; optional to update record | Integer |
Specify the protected device or web page you want to authenticate against. You can specify a virtual host (an FQDN such as vhost=bank.qualys.com) or the name of a realm (realm=My+Homepage). |
|
ssl={0|1} |
Optional to create or update record | Integer |
Specify 1 if you want to attempt authentication over SSL only. In this case authentication is attempted only when the form is submitted via a link that uses https://... |
API request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d "action=create&username=jsmith&password=abc123&title=My+HTTP+Record+1&realm=My+Homepage" "https://<qualys_base_url>/api/2.0/fo/auth/http/"
XML output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2018-01-03T08:02:44Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Created</TEXT> <ID_SET> <ID>55112</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN
API request
curl -u "USERNAME:PASSWORD" -H "X-Requested-With: curl" -d"action=create&username=jsmith&password=abc123&title=My+HTTP+Record+2&vhost=bank.us.corp1.com"
XML output
<?xml version="1.0" encoding="UTF-8" ?> <!DOCTYPE BATCH_RETURN SYSTEM "https://<qualys_base_url>/api/2.0/batch_return.dtd"> <BATCH_RETURN> <RESPONSE> <DATETIME>2018-01-03T07:51:48Z</DATETIME> <BATCH_LIST> <BATCH> <TEXT>Successfully Created</TEXT> <ID_SET> <ID>55111</ID> </ID_SET> </BATCH> </BATCH_LIST> </RESPONSE> </BATCH_RETURN>
<platform API server>/api/2.0/batch_return.dtd
<platform API server>/api/2.0/fo/auth/http/auth_http_list_output.dtd