Rails2.0 added an 'authenticity_token' to all web-forms to prevent some types of attack to web applications. I have been unable to get zabbix to perform form submissions (POST) to these sites. For example, this is the difference between a rails1.2 and rails2.0 login form, as seen from zabbix.
rails1.2. I simply add 'login=xxx&password=yyy' to the POST fields of the http://my.host.com/login url. I add the response content test for 'logged in' and this succeeds. So my web-site availability scenario can include login, perform some user action, and logout.
rails2.0. Needs something like 'login=xxx&password=yyy&authenticity_token=zzz' in the POST fields. The problem is that the authenticity token is found from a hidden field in the form itself (generated by the form builder). So zabbix needs to read the previous page, use a regex to find and extract the field into a variable, and then add that to the POST fields with authenticity_token={auth_token}.
I am using zabbix-server 1.4.2 on ubuntu hardy-heron (the choice of zabbix version is based on what ubuntu provides by default).
So, any ideas how to do this?
rails1.2. I simply add 'login=xxx&password=yyy' to the POST fields of the http://my.host.com/login url. I add the response content test for 'logged in' and this succeeds. So my web-site availability scenario can include login, perform some user action, and logout.
rails2.0. Needs something like 'login=xxx&password=yyy&authenticity_token=zzz' in the POST fields. The problem is that the authenticity token is found from a hidden field in the form itself (generated by the form builder). So zabbix needs to read the previous page, use a regex to find and extract the field into a variable, and then add that to the POST fields with authenticity_token={auth_token}.
I am using zabbix-server 1.4.2 on ubuntu hardy-heron (the choice of zabbix version is based on what ubuntu provides by default).
So, any ideas how to do this?
Comment