2017-01-05 19:29:11 +00:00
---
title: About the http Resource
---
# http
Use the `http` InSpec audit resource to test an http endpoint.
2017-04-03 21:21:15 +00:00
<p class="warning">Currently, this resource always executes on the host on which <code>inspec exec</code> is run, even if you use the <code>--target</code> option to remotely scan a different host.<br>
<br>
This will be corrected in a future version of InSpec. New InSpec releases are posted in the <a href="https://discourse.chef.io/c/chef-release" target="_blank">Release Announcements Category in Discourse</a>.</p>
2017-10-03 21:35:10 +00:00
<br>
2017-01-05 19:29:11 +00:00
## Syntax
An `http` resource block declares the configuration settings to be tested:
2017-05-30 16:33:59 +00:00
describe http('url', auth: {user: 'user', pass: 'test'}, params: {params}, method: 'method', headers: {headers}, data: data, open_timeout: 60, read_timeout: 60, ssl_verify: true) do
2017-01-05 19:29:11 +00:00
its('status') { should eq number }
its('body') { should eq 'body' }
2017-01-26 13:18:49 +00:00
its('headers.name') { should eq 'header' }
2017-01-05 19:29:11 +00:00
end
where
* `('url')` is the url to test
2017-05-30 16:33:59 +00:00
* `auth: { user: 'user', pass: 'test' }` may be specified for basic auth request
2017-01-05 19:29:11 +00:00
* `{params}` may be specified for http request parameters
* `'method'` may be specified for http request method (default to 'GET')
* `{headers}` may be specified for http request headers
2017-05-30 16:33:59 +00:00
* `data` may be specified for http request body
* `open_timeout` may be specified for a timeout for opening connections (default to 60)
* `read_timeout` may be specified for a timeout for reading connections (default to 60)
* `ssl_verify` may be specified to enable or disable verification of SSL certificates (default to `true`)
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
<br>
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
## Examples
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
The following examples show how to use this InSpec audit resource.
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
### Simple http test
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
For example, a service is listening on default http port can be tested like this:
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
describe http('http://localhost') do
its('status') { should cmp 200 }
end
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
### Complex http test
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
describe http('http://localhost:8080/ping',
auth: {user: 'user', pass: 'test'},
params: {format: 'html'},
method: 'POST',
headers: {'Content-Type' => 'application/json'},
data: '{"data":{"a":"1","b":"five"}}') do
its('status') { should cmp 200 }
its('body') { should cmp 'pong' }
its('headers.Content-Type') { should cmp 'text/html' }
end
<br>
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
## Matchers
This InSpec audit resource has the following matchers. For a full list of available matchers please visit our [matchers page](https://www.inspec.io/docs/reference/matchers/).
### body
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
The `body` matcher tests body content of http response:
2017-01-05 19:29:11 +00:00
2017-10-03 21:35:10 +00:00
its('body') { should eq 'hello\n' }
2017-01-05 19:29:11 +00:00
2017-01-26 13:18:49 +00:00
### headers
2017-01-05 19:29:11 +00:00
2017-01-26 13:18:49 +00:00
The `headers` matcher returns an hash of all http headers:
2017-01-05 19:29:11 +00:00
2017-01-26 13:18:49 +00:00
its('headers') { should eq {} }
Individual headers can be tested via:
its('headers.Content-Type') { should cmp 'text/html' }
2017-01-05 19:29:11 +00:00
### status
The `status` matcher tests status of the http response:
its('status') { should eq 200 }
