Monitoring password protected websites

Some of our customers have asked us to add basic authentication to our HTTP checks. They want to be able to check the availability of web pages that are protected from public access by a login. So, we have enhanced our HTTP and HTTP Content checks to support basic authentication.

This means that when you set up HTTP or HTTP Content checks in NodePing’s website monitoring service, you can now include a username and password in the URL. The format is username:password@host. We already supported both http and https requests and arbitrary ports in the URL. The following URL examples are all in a valid format for NodePing HTTP and HTTP Content checks (although these are fictitious, don’t actually use these URL’s in your checks), with this enhancement rounding out the list:

• http://www.example.com
• http://couchdb.example.com:5984
• http://www.example.com/foo/bar.html
• http://www.example.com/foo/bar.html?this=that&eggs=green
• http://sam:secret@www.example.com/foo/bar.html?this=that&eggs=green

People who use this feature should be aware that HTTP basic authentication is not secure, which is one of the reasons we had not included it until now. This has required a small change to our Terms of Service to point out that we aren’t responsible for confidential information that is included in checks such as this. If you choose to include a username and password in your checks, you should take normal precautions to protect your data, including making sure that the login used for the checks is limited to no more access than is needed for the check, and avoid reusing passwords.

If you have any questions about basic authentication in HTTP or HTTP content checks, or about any aspect of our website monitoring, please don’t hesitate to ask us by emailing info@nodeping.com.