Automating HTTP Authentication with Scripting
The Problem with HTTP Headers
Network appliances—such as broadband routers, wireless access points, and network-attached storage adapters—are ubiquitous in today’s home network. In my network, as an example, I have all three types of appliances:
- A broadband router connects my consumer DSL line to my home network.
- A separate access point serves up the wireless connectivity.
- A network-attached storage (NAS) adapter provides the machines on the network with ample backup and archive storage space.
Each of these devices provides a web-enabled control and configuration interface (as shown in Figure 1) that makes setting up and administering the device quite easy.
Figure 1 Web configuration screen for a Netgear wireless access point.
The internal web server that provides the web interface is fairly basic, but behaves almost exactly like any other web server on the Internet. (In fact, most of the devices use the Apache server for their web services.)
Thankfully, such devices also make use of HTTP authentication (HTTP-Auth) to protect their interfaces from uninvited guests. HTTP-Auth provides a simple, yet effective username-and-password authentication scheme to keep out intruders. For example, when first connecting to my Netgear access point, I’m greeted with the dialog box shown in Figure 2.
Figure 2 The standard HTTP-Auth dialog box.
However, sometimes the HTTP-Auth protection can get in the way, such as when you try to script a configuration or control utility in order to access a device through its web interface.