Forum Discussion

lcravopt's avatar
lcravopt
Icon for Altostratus rankAltostratus
Apr 01, 2025
Solved

Health Check is returning HTTP code 302

Hi, I'm testing a security change that was made in out .NET application, in order for the SessionId to be encrypted. In practice our application has 2 cookies ASP.NET_SessionId and .AUTHTOKEN. Wh...
health check
security
  • lcravopt's avatar
    lcravopt
    Apr 15, 2025

    So, internally, together with the DEV and IT teams, we decided to exclude the page used in the health check from the authentication (code change).

    This way it will stop to be necessary to have the cookies SessionId and AuthToken, thus the GET will return HTTP status code 200.

     

    Thank you for all your help.

lcravopt's avatar
lcravopt
Icon for Altostratus rankAltostratus
Apr 03, 2025

If I do the request like:

C:\>curl --ntlm -u: https://myserver/ACP_SEC/Pages/Diag.aspx?fun=availability

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/ACP_SEC/Pages/Diag.aspx?fun=availability">here</a>.</h2>
</body></html>

 

If I do the request like (passing cookies ASP.NET_SessionId and .AUTHTOKEN) I get:

C:\>curl --ntlm -u: -v --cookie "ASP.NET_SessionId=oq31muonjispmsqga; .AUTHTOKEN=JfHveRBZ083UOL2dmoR4mDBjsPlgKHKqO0o0xjuZHIXpzceVRd+fmhgGf4R8l28Vm6UNrzn7uxE5zBDxAt4r1ceuN5F4UlcC+lgp" https://myserver/ACP_SEC/Pages/Diag.aspx?fun=availability

* Request completely sent off
< HTTP/1.1 200 OK
< Cache-Control: private
< Content-Length: 309
< Content-Type: application/xml
< Expires: Mon, 01 Jan 0001 00:00:00 GMT
< Content-Disposition: inline; filename=DiagInfo.xml
< Persistent-Auth: true
< Date: Thu, 03 Apr 2025 22:32:14 GMT
<
<?xml version="1.0"?><test url="https://myserver/ACP_SEC/Pages/Diag.aspx?fun=availability" name="Availability" time="04/03/2025 23:32:14" duration="0"><result description="Call to Frontend was successful." expected="Ok" status="Ok" type="Ok" /><description>Frontend</description></test>* Connection #0 to host myserver left intact

 

Is possible in the Health Monitor Send string to add a cookie parameter?

 

  • Injeyan_Kostas's avatar
    Injeyan_Kostas
    Icon for Nacreous rankNacreous
    Apr 04, 2025

    It is but whatever cookie you put there will be expired at some time.

    I suggest to keep using the same string but accept 302 as valid response in health monitor.