When using HTTP headers to authenticate the Scan Engine, make sure that the session ID header is valid between the time you save this ID for the site and when you start the scan. For more information about the session ID header, consult your Web administrator.
Not every Web site supports the storage of cookies, so it is helpful to verify that header authentication is possible on your target Web site before you use this method. Verification involves exporting the cookie values from the target Web site. Various tools are available for this task. For example, if you use Firefox as your browser, you can install the Cookie Exporter, Cookie Importer, and Firebug addons. The following steps incorporate Firefox as the browser for illustration:
Exporting cookies from Firefox
The exported cookies file with all but the session cookies removed.
After verifying that header authentication is possible, start the HTTP headers configuration:
If you want to configure HTTP headers while configuring a new site, click the Create site button on the Home page.
OR
Click the Create tab at the top of the page and then select Site from the drop-down list.
If you want to configure HTTP headers for an existing site, click that site's Edit icon in the Sites table on the Home page.
Web App URLs
Continue with adding a header:
Tip: If you do not know any of the required information for configuring a Web form logon, consult the developer of the target Web site.
For example, a name/value pair may specify a name/value pair for a session ID. The name might be Session-id, and the value might be URI.
Name/value pair
If you are not sure what header to use, consult your Web administrator.
After you enter the name/value pair, it appears in the HTTP Header Values table.
HTTP Header Values table
Continue with creating a regular expression for logon failure and testing the logon:
The default value works in most logon cases. If you are unsure of what regular expression to use, consult the Web administrator. For more information, see Using regular expressions.
If the Security Console displays a success notification, click Save.
If logon failure occurs, change any settings as necessary and try again.