I use post man and I am able to run a request perfectly fine with status 200
https://abc/api/
when I try Jmeter I keep getting 403 forbidden
GET https://abc/api/
I get
<html>
<head><title>403 Forbidden</title></head>
<body bgcolor="white">
<center><h1>403 Forbidden</h1></center>
</body>
</html>
Sampler request
Thread Name: 0-test1-1
Sample Start: 2019-07-22 11:07:12 PDT
Load time: 485
Connect Time: 378
Latency: 485
Size in bytes: 287
Sent bytes:236
Headers size in bytes: 153
Body size in bytes: 134
Sample Count: 1
Error Count: 1
Data type ("text"|"bin"|""): text
Response code: 403
Response message: Forbidden
HTTPSampleResult fields:
ContentType: text/html
DataEncoding: null
My response headers are
HTTP/1.1 403 Forbidden
Server: aws../2.0
Date: Mon, 22 Jul 2019 18:13:06 GMT
Content-Type: text/html
Content-Length: 134
Connection: keep-alive
Note sure if that is
I also set my port to 443 because it is https
I was able to get content-type to application/json but still get 403, I do notice that my content-length is 0
I figured it out it was indeed the User-agent, I forced my Jmeter in header manager
User Agent --> Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 it worked
Maybe you need add into the header of the request
Content-Type: application/json
Related
i am trying to load test my application. But when i try to run the recorded scripts through jmeter, i get 401 Unauthorized error only on few particular pages. The script runs while Login page but gives errors on other pages. I need to run this whole scenario using multiple users (CSV file)
this is the Request Tab:
POST data:
{"searchObject":{"LastName":"","FirstName":"","RoleId":"","StatusId":"","sortOrder":"Id","isAsc":"False","isInactivated":false,"tempDataFlag":"True"},"isSorting":"false","listName":"CreissStaffList"}
Cookie Data:
ASP.NET_SessionId=0zqlv4t4ayszinlteqgnlrvg; __RequestVerificationToken=mmFzWMMfWojIH9J-32ylhW_8oseKWMP84XRZALQmUh0VfGmflM_kVW3b1MmWYLJ5ySCIezacyBFYplhzTSWMeo7CnMh2j14sD10qX2S_fq41
Request Headers:
Connection: keep-alive
Referer: https://www.creissmed.de/Admin/UserList
Accept-Language: en-US,en;q=0.5
X-Requested-With: XMLHttpRequest
Content-Type: application/json; charset=utf-8
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: application/json, text/javascript, */*; q=0.01
Content-Length: 199
Sampler Result:
Thread Name: Thread Group 1-1
Sample Start: 2016-02-17 17:17:05 IST
Load time: 142
Connect Time: 0
Latency: 142
Size in bytes: 1599
Headers size in bytes: 255
Body size in bytes: 1344
Sample Count: 1
Error Count: 1
Response code: 401
Response message: Unauthorized
Response headers:
HTTP/1.1 401 Unauthorized
Cache-Control: private
Content-Type: text/html
Location: /
Server: Microsoft-IIS/8.5
X-AspNetMvc-Version: 4.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 17 Feb 2016 11:47:03 GMT
Content-Length: 1344
HTTPSampleResult fields:
ContentType: text/html
DataEncoding: iso-8859-1
This is what the HTTP Request Page looks like:
Path: /Admin/GetListData
BODY PARAMETERS :
{"searchObject":{"LastName":"","FirstName":"","RoleId":"","StatusId":"","sortOrder":"Id","isAsc":"False","isInactivated":false,"tempDataFlag":"True"},"isSorting":"false","listName":"CreissStaffList"}
I am getting erros only on GetListData HTTP Request Pages
Thanks in advance!
Add View Results Tree listener and inspect response details. If you don't see error message it doesn't necessarily mean that login succeeded, despite HTTP Response Code 200 the page may contain errors.
You may have to do some handling of the __RequestVerificationToken as at is anti-cross-site-forgery implementation and you'll need to do some correlation in order to bypass it. See How to Load Test CSRF-Protected Web Sites guide for comprehensive explanation and possible options.
I have a Java program which forwards the HTTP request from clients to INTERNET and write back the response to client. But when clients trying Google.com from their browser i am getting 302 found Response from Internet.
Here is the Request from client :
GET http://google.com/ HTTP/1.1
Host: google.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.118 Safari/537.36 OPR/28.0.1750.51
DNT: 1
Accept-Encoding: gzip, deflate, lzma, sdch
Accept-Language: en-US,en;q=0.8
Cookie: PREF=ID=0168c274e46046ff:FF=0:LD=en:TM=1427909641:LM=1428321915:GM=1:S=HGTpo1ahuPUd4Nu2; SID=DQAAAPgAAACOH1NUVCRnVJfjL-W4MtbTmqx9yY1Wbra4LM7D8_uslXU_43zD4QrZl4eHqBuukNoKFw0gD68Vt7DltSgBrOoVRufDgeLImP8321g2-IxjmtqwjJoI9sSM3YEwC5ZvnTNyrwuHhBp-zZqImsaHshVmvt8GEV1WDFHs4OZ74g219CeKYztHKjsQLDS_yZ725qsIKWjvbb_NlnO5IqktZ0Q6JXIMRPzshZQvoq7ZiwH9RfiIASpHIiFC1XDwrMZDcbONpKCke2QxZtmxSPfUHXuBx53bJOZFHUrcAJAvihBAXoFwZHUr2beVtRuLe1w8blbt6AGTy9dT9gZ9nVjeSHzK; HSID=Aso16-EnwP4siCr5Q; APISID=DIHL_mSdprkZSELD/AjGWXXsjCWUT9FEuy; NID=67=DGyWJrkoHYqgDmpEMmQVlnzZQLlwGNTxbAZ8--PQeTPlZ4SbL3AbFNP40h0NOI3ztb_6SkDTHwGJonmESsToDR6Vkmur0VST-6k34xVvQM9FQH_PaoMrK8O6kT0Avd8FIITl7G7ERJbvbwWIsCuhIwZOR2cj2r6aCmnM27A
This is the Response i got :
HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: http://www.google.co.in/?gfe_rd=cr&ei=Uhw7Vbe6H_PI8Ae_qICIBA
Content-Length: 261
Date: Sat, 25 Apr 2015 04:47:14 GMT
Server: GFE/2.0
Alternate-Protocol: 80:quic,p=1
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
here.
</BODY></HTML>
Is this because Google using HTTPS instead of HTTP. and it is trying to redirect the request...?
But how i should process this reply?
I send the same response to client. But no redirection is happening,
What should i do?
From the Location header in the Http Response, seems that Google detected that the call came from India and it's redirecting the call to Google India i.e. http://www.google.co.in/?gfe_rd=cr&ei=Uhw7Vbe6H_PI8Ae_qICIBA.
When you get a 302 response your client should react properly and follow the call to the Location header.
Sometimes it is an issue about ipv6 transaction against ipv4.
Try disable ipv6 in your server and reboot with:
echo net.ipv6.conf.all.disable_ipv6=1 > /etc/sysctl.d/disableipv6.conf
I used HTTP Chache Manager to Cache files which are being cached in browser. I am successful of doing it for some of the pages. Number of files being cached in Jmeter is equal to Number of files being cached by browser.
But in some cases :
I found number files being cached is lesser than the files being cached by browser.
Using Jmeter I found only 5 files are being cached but in real browser 12 files are getting cached.
Header for one file which is cached in Chrome but not in Jmeter
Header in Chrome Browser:
Remote Address:
Request URL:
Request Method:GET
Status Code:304 Not Modified
Request Headersview source
Accept:image/webp,/;q=0.8
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en;q=0.8,it-CH;q=0.6,it;q=0.4,ar;q=0.2
Cache-Control:max-age=0
Connection:keep-alive
Cookie:
Host:
If-Modified-Since:Thu, 16 Jan 2014 16:38:32 GMT
If-None-Match:W/"1242-1389890312000"
Referer:
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36
Response Headersview source
Cache-Control:private
Connection:keep-alive
Date:Wed, 11 Jun 2014 09:57:49 GMT
ETag:W/"1242-1389890312000"
Expires:Thu, 01 Jan 1970 00:00:00 GMT
Server:
Header in JMeter:
Thread Name: Thread Group 1-2
Sample Start: 2014-06-11 15:18:56 IST
Load time: 326
Latency: 326
Size in bytes: 1541
Headers size in bytes: 299
Body size in bytes: 1242
Sample Count: 1
Error Count: 0
Response code: 200
Response message: OK
Response headers:
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: private
Content-Type: image/png
Date: Wed, 11 Jun 2014 09:48:53 GMT
ETag: W/"1242-1389890312000"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Thu, 16 Jan 2014 16:38:32 GMT
Server:
Content-Length: 1242
Connection: keep-alive
Thanks in advance
Have you tried to tick Use Cache Control/Expires header when processing GET requests box which simulates real browser behavior and matching content is returned immediately without actual request being made.
Another possible reason is exceeding Max Number of elements in cache threshold which defaults to 5000.
See Using the HTTP Cache Manager guide for further explanations and recommendations.
I am trying to upload a file using extjs 4 and Spring 3.1. The file uploads properly but I keep getting errors on the response. Initially the error was:
Ext.Error: You're trying to decode an invalid JSON String: {"success":true,"msg":"The upload was successful"}
So after researching I saw it said the response content-type should be text/html. I changed my controller to send text/html using the produces tag in the #RequestMapping annotation. Now I get a Http Error 406. But looking at the Accept headers the browser should be able to accept text/html.
http://localhost:9081/gppRenewalQuestionnaire/uploadExpenditure.htm
POST /gppRenewalQuestionnaire/uploadExpenditure.htm HTTP/1.1
Host: localhost:9081
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Referer: http://localhost:9081/gppRenewalQuestionnaire/index.htm?nanda=C37843
Cookie: JSESSIONID=0000a7q2lUHepKNFfO__YaUIAZ-:-1
Content-Type: multipart/form-data; boundary=---------------------------23281168279961
Content-Length: 16056
-----------------------------23281168279961
Content-Disposition: form-data; name="owner"
772
-----------------------------23281168279961
Content-Disposition: form-data; name="rq"
439
-----------------------------23281168279961
Content-Disposition: form-data; name="fileData"; filename="GIGNotes.docx"
Content-Type: application/vnd.openxmlformats-officedocument.wordprocessingml.document
PK
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Content-Language: en-US
Transfer-Encoding: chunked
Date: Mon, 14 Jan 2013 14:26:46 GMT
Server: WebSphere Application Server/6.1
----------------------------------------------------------
Anybody have any ideas?
Sorry folks. A colleague looked at this issue for about 20 minutes and solved it. He said I didn't have the #ResponseBody annotation on the controller method that was processing the upload. I believe I did but I can't prove that. Oh well, it is working and that's what counts. :-)
I've implemented a web application that takes advantage of CORS to gather JSON data from another server. The servers run on different subdomains. Everything seems implemented correctly, and it works fine with Chromium. Below is a copy of my requests, from Chromium.
My problem is that in Firefox (tested with 13.0.1), no request is ever made for my AJAX resource. No preflight request is ever sent, and no actual request is made. Instead, I get this error, from the XMLHttpRequest.send() function:
[21:40:27.546] uncaught exception: [Exception... "Access to restricted URI denied" code: "1012" nsresult: "0x805303f4 (NS_ERROR_DOM_BAD_URI)" location: "http://192.168.1.99:2502/static/mootools-core-1.4.5.js Line: 5398"]
I am using Mootools' Request.JSON object, which sets various extra headers, meaning that a preflight would indeed be required. However, it is never sent.
Unfortunately, JSONP is not an option, as the data is sensitive.
Does anyone have insight into what the problem could be?
Thanks very much.
Working example, from Chromium:
Preflight request:
OPTIONS /api/resource HTTP/1.1
Host: dev0.mydomain.com
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://192.168.1.99:2502
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/12.04 Chromium/18.0.1025.151 Chrome/18.0.1025.151 Safari/535.19
Access-Control-Request-Headers: origin, x-request, x-requested-with, accept
Accept: */*
Referer: http://192.168.1.99:2502/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: [redacted]
Preflight response:
HTTP/1.0 200 OK
Server: PasteWSGIServer/0.5 Python/2.7.3
Date: Fri, 29 Jun 2012 01:43:37 GMT
Content-Length: 0
Access-Control-Allow-Headers: Cookie, Origin, X-Request, X-Requested-With, Accept
Access-Control-Max-Age: 1
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: http://192.168.1.99:2502
Access-Control-Allow-Methods: GET
Content-Type: text/html; charset=UTF-8
"Real" request:
GET /api/resource HTTP/1.1
Host: dev0.mydomain.com
Connection: keep-alive
Origin: http://192.168.1.99:2502
X-Request: JSON
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.19 (KHTML, like Gecko) Ubuntu/12.04 Chromium/18.0.1025.151 Chrome/18.0.1025.151 Safari/535.19
Accept: application/json
Referer: http://192.168.1.99:2502/
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: [redacted]
"Real" response:
HTTP/1.0 200 OK
Server: PasteWSGIServer/0.5 Python/2.7.3
Date: Fri, 29 Jun 2012 01:43:37 GMT
Access-Control-Allow-Origin: http://192.168.1.99:2502
Content-Type: text/html; charset=UTF-8
Content-Length: 22
Access-Control-Allow-Credentials: true
The answer is given in the comments to the question. Firefox was not sending the request due to the HTTP authentication username I had provided.