application icon

Scrutiny 12 Authentication

With great power comes great responsibility


configuration

Authentication

Scrutiny can check some sites which require authentication. Be aware that switching on this setting can damage your site, including deleting your pages.

Yes, really, some content management systems have buttons for managing pages, including deleting pages, which look like links to Scrutiny.

If you are going to attempt to crawl a site with authentication and have such controls on your website, then:

- try to exclude such controls from being checked by using 'Don't check links containing'
- make sure you don't scan the 'admin' interface of your site
- log in using a user account with only 'reader' rights
- make sure your site is backed up and you are prepared to restore if the worst happens
- It's also important to blacklist (with 'do not check') your logout link(s), eg set up a rule that says 'don't check urls containing logout' (or whatever)

Getting authentication to work can take some trial and error - there's a thorough article here (external link)

Most of the time you can simply use the Log In button and authenticate within the browser window that opens. If you use this method, it's probably essential to locate the 'log out' link on your site and make a rule to ignore or at least 'not check' that url. eg "ignore urls that contain /logout". Otherwise the authentication may work but Scrutiny will log itself out when it finds that link on the first page.

Custom POST form fields

Additional field names and values can be included in the post body of the server request sent to your starting url.

Custom Request Header Fields

These field names and values are included in the server request header sent to all urls.