Am 06.08.19 um 16:39 schrieb Vincent van Middendorp: > Hi, > > We've enabled 'Retrieve All Embedded Resources' for our HTTPS requests > for a performance test plan. I would like to include images (and their > size). Our images are hosted by ImgIX (optimization service). This > results in secured (signed) image tags on the website with references > like this: > > https://client.imgix.net/https%3A%2F%2Ftest.client.nl%3A443%2F-%2Fmedia%2Fclient%2Fafbeeldingen%2Factiepanelen%2F20180518_hl7_le_00501-webformaat_2000px.ashx?q=20&fit=crop&crop=faces&dpr=2&auto=format&w=360&h=360&s=121a1a8adef696d82f866e5609cc50 > > As you can see the img url points to the actual hostname (where the > image is hosted) but it also contains an original site path > (https://test.client.nl). Also it contains a "s" parameter with an ID > to secure the url (no changes allowed). > > Now the embedded resource request that Jmeter seems to make to request > the image is: > > 'https://client.imgix.net/https:/test.client.nl:443/-/media/client/afbeeldingen/'... > ?s=121a1a8adef696d82f866e5609cc50 (shortened for readability) > > which causes a 403 Forbidden. > > This seems to make the imgix security check fail (url tampered with, > not same as signed url).If i copy/paste the original URL in browser it > works, if i copy/paste the decoded version in browser it doesn't. > > I've tried the different out of the box HtmlParsers but they act the > same for this case. I just want the exact value as found in the HTML > source. Does anyone know if there is a way around this so these images > can be requested? > > (this is on Apache JMeter 5.1.1r1855137, Windows 10)
I tried to simulate your test by accessing https://www.internetallee.de/~felix/test.html In the access log I can see ssl_access.log:88.130.179.201 - - [06/Aug/2019:19:22:13 +0200] "GET /~felix/https%3A%2F%2Ftest.client.nl%3A443%2F-%2Fmedia%2Fclient%2Fafbeeldingen%2Factiepanelen%2F20180518_hl7_le_00501-webformaat_2000px.ashx?q=20&fit=crop&crop=faces&dpr=2&auto=format&w=360&h=360&s=121a1a8adef696d82f866e5609cc50 HTTP/1.1" 404 649 "https://www.internetallee.de/~felix/test.html"; "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:68.0) Gecko/20100101 Firefox/68.0" "TLSv1.2" ssl_access.log:88.130.179.201 - - [06/Aug/2019:19:23:19 +0200] "GET /~felix/https:%2F%2Ftest.client.nl:443%2F-%2Fmedia%2Fclient%2Fafbeeldingen%2Factiepanelen%2F20180518_hl7_le_00501-webformaat_2000px.ashx?q=20&fit=crop&crop=faces&dpr=2&auto=format&w=360&h=360&s=121a1a8adef696d82f866e5609cc50 HTTP/1.1" 404 649 "-" "Apache-HttpClient/4.5.8 (Java/1.8.0_201)" "TLSv1.2" The first one is Firefox, the second one JMeter. It looks different to your findings, but the ':' is decoded or not re-encoded. Haven't looked any further into it, but I will let the page up for tests a bit. Felix > > Thanks in advance > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
