Set Up HTTP Authentication

Tell us the username and password to use for authentication. Then specify the protected device or web page you want to authenticate against. You can specify a virtual host (an FQDN such as bank.qualys.com) or the name of a realm (such as My Homepage). You cannot enter a virtual host and realm in the same record.

Select the “Send authentication over SSL only” option if you only want to attempt authentication over SSL. In this case authentication is attempted only when the form is submitted via a link that uses https://...

During a vulnerability scan, if we come across a web page that requires HTTP authentication then we’ll check to see if an HTTP record exists in your account with applicable credentials. If a record exists, we’ll use the credentials in the record to perform HTTP authentication.

You can create vulnerability scan reports that include authentication status QIDs (Information Gathered). These QIDs report details about HTTP protocol level authentication: QID 86762 "Web Authentication Methods" and QID 105315 "Web Authentication Failed".