Version

All

Date

16 Nov 2011

Summary

Argent Defender does not seem to detect HTTP errors (e.g. HTTP 401, HTTP 500)

A network capture program proves that an HTTP error code is indeed being returned

Technical Background

When IE requests a page that does not exist or is not authorized to view, two situations can happen depending on how web server is configured:

1. No special configuration is done at server side, HTTP error codes like 401, 403, 404, 500 are returned to IE. Argent Defender can detect this.

2. Web server is configured to return a pre-configured, custom or default error page. In this case, in the eye of Argent Defender, a normal page is returned. The HTTP code is 200 and no error is detected

Resolution

To detect this kind of configuration, we need to use the keyword ‘TestStringExist’ or ‘ElementExist’ to identify the error page.

Sample Script:

Navigate "http://127.0.0.1/Argent_Commander/enterprise.asp"



If TestStringExist("Unauthorized", bIgnoreCase, bUseInnerText) then

	

	FireAlert "Unauthorized Access - Login Error", "compare_string"



End If