Title

New Functionality: Mixed Content Checking For SSL

Why is avoiding mixed content on your pages important?

Mixed content occurs when the site is accessed over a HTTPS secure connection, but other resources on the page are loaded through an insecure connection. This is defined as “Mixed Content” as both HTTP and HTTPS content are being loaded on the same page when the request started as a secure HTTPS request.

In most cases users will receive a warning from their browser to indicate that this is the case when visiting the site.

5.7% of Sites are Impacted
StatusCake Sample Size of 100,000 URLs

To protect the integrity, security and secrecy of your data where necessary. It’s required that all resources be served over a HTTPS connection. If there’s a single resource on any given page that’s not secured in this way then your users will be informed that the page is not fully secure upon visiting.

Having a fully secured page will assure your users of the following facts:

  • Visitors can be sure of the identity of the website.
  • Visitors can be sure that nobody has tampered with the data they send and receive.
  • Visitors can be sure that nobody unauthorised can view the data that they send and receive.

The Solution

With StatusCake you can now ensure that none of your pages contain Mixed Content, we’ve built this functionality into our SSL monitoring feature, so you can now be alerted the moment anything of this nature is found.

MConent

It’s important to note that mixed content will only be detected by us on the page you are testing, so a test on your homepage’s URL for SSL will not detect mixed content on other pages of the website. If you want to test more than one page then multiple tests would be required. Also worth remembering is that resources requested from scripts or within iframes will not be checked.

The option is enabled by default for all SSL testing as it’s an essential thing to watch out for – and alerting will fire automatically for any SSL tests that currently have a contact group. If you do not have a contact group attached to your SSL test it’s just a case of adding one and then entering the settings to select the “Mixed Content” check box.

For information on how to use the feature please check out our Knowledgebase article here.

We hope you like this newest addition to the wide range of tools we offer at StatusCake, and just let our support team know if you have any questions

dashboard2

Feature Spotlight: Dashboards

At StatusCake we’ve got a range of great tools for reporting, and one of our most popular features for this purpose are the StatusCake Dashboards. The functionality described here is available on our Business package upwards.

Dashboards are pages which can show all your StatusCake operations in one place, from your uptime tests to your virus scans, making them a great tool for internal teams to get an instant view of service status as a whole. Once generated the page will be fully optimised to fit nicely on large office monitors.

dashboard1

Dashboards are simple to configure. if you haven’t tried this out before then you can get stuck in by clicking here. Simply give the dashboard a name, then select which tests should be added. You can add all of our test types to these pages including: Uptime, SSL, Domain, Page Speed, Server Monitor, and Virus Scan types.

Once you have added your tests to the dashboard you are ready to go, and can publish the new page by saving it, at this point a hashed link will be generated to ensure that only people you share this with will be able to gain access.

When published, the dashboard can have additional options configured at any time through the settings icon at the top right corner. The options here enable you to filter the data that appears, for example you can select to only see the services which are having a problem. You can also set a custom refresh rate for the page.

dashboards3

If you’d like to read a know more about this feature, or wanted to see the full set up process please give our support team a shout, or alternatively check out the relevant article on our Knowledgebase.

 

Friday Feature Update

friday

Server Monitoring updates

We have overhauled the view for the information on the Server monitoring page and you can see a preview of this below:

SErverM

In addition, we have added more monitoring data. You can now see a historical view of disk usage, and you’ll find that you are able to see the usage per disk where more than one is in use on your server.

 

Discord integration

We’ve also added a new integration with Discord for the StatusCake alerts, you can now receive all alert types straight through to your chosen Discord channel.

discordia

It’s very easy to set this up, you just need to be the channel admin – this will allow you to grab the Webhook from the channel settings which is required on the StatusCake end to set up the integration.

 

Sub user improvements

Due to popular demand we’ve today made Sub-User management easier by removing the requirement to delete a current Sub-User in order to edit it’s permissions. You can now edit Sub-Users permissions and view-able test tags in app with the built in edit function.

 

Creation State

Another request we have seen a lot recently is the ability to start a test in a paused state – we are glad to confirm that this has now been implemented, and you can find this option as shown below. Please note that the option is only available when creating a new test.

creation

New Domain TLD support

.Radio, .Ink and .FM are now supported!

opsfinal

Integration Spotlight: OpsGenie

At StatusCake we’ve got a great range of integrations for alerting, today we want to take you through some of the advantages of using OpsGenie which differs from some of our other integrations in that it has several extra layers of setup beyond what can be configured in the StatusCake app.

On Call Scheduling

With the StatusCake-OpsGenie integration it’s easy to set up your different teams or individual staff under their own on call schedules. These can be set up on daily, weekly or custom rotations, and this allows for advanced scheduling scenarios like after hours, weekdays and weekends, or even teams based in different geographical locations. There’s also a handy tool called “Schedule Previewer” which allows you to instantly get an overview of your set up in this regard.

Detailed Alert Tracking

For every alert sent from StatusCake through OpsGenie, you will be able to view detailed tracking information. Within the OpsGenie activity log you can see when the alert was created and sent, who was notified, the time at which the alert was picked up by the recipients, and any logged action that has been taken.

Escalations

As well as notifying multiple users at the same time, StatusCake alerts through OpsGenie can have escalation policies applied to them. This means that if the first team or individual to receive the alert does not pick it up for a set time frame the notification can then be forwarded on to another team, you can set this up to alert different staff/teams in order until the problem is resolved.

Alert Actions

With the OpsGenie app installed on a mobile device it’s possible for staff to take appropriate actions in response to alerts that they receive. A set of default actions such as closing the alert and adding a note are available from the app from the get-go, and custom actions can also be added to suit your teams needs.

Alert parsing and type-change

Another great function available through the StatusCake-OpsGenie integration is the ability to parse incoming alerts from StatusCake, this means not just that they can always go to the right person with the right information, but also that you can choose to convert the type of alert that’s sent. When a StatusCake alert hits your OpsGenie dashboard it can then be automatically converted to an alert in Email, SMS, Mobile Push or Phone Call format.

Getting Started with this integration

If you already use OpsGenie, or if you were considering giving it a try you can view the set up guide here – if you have any questions just get in touch with our friendly support team who will be happy to help!

xdk

Using StatusCake to test login, and a variety of other transactions

With StatusCake you can use a variety of methods to test basic “transactions”, including forms that deal with login, data protection and others.

The Tools

Form and Raw POST data – We can send form or raw POST data along with our normal test requests, in many cases when dealing with HTML forms we can submit this data to the form in order to test the associated function.

Basic Authentication login – For pages where there’s not a HTML form to submit to, and instead access is gained through basic authentication. You can see an example of a Basic Auth dialogue below:

1

Content/String Match – Once we’ve submitted to the form or gained access to the page, it’s important to then verify that the expected page and results are returned. To do this we can use our Content Match feature. This will run a string match for one or multiple strings on the resulting page.

Final URL – You can use the Final URL feature to confirm that the page you’ve reached at the end of the process contains the correct URL, great for catching erroneous errors.

The  Method

First of all you should assess which tools you need to use, and where the testing should be targeted. If you are dealing with a HTML based login form you should submit Form POST data, and your target should be the URL of that form rather than the main page URL.

2

If it’s a basic authentication job then your URL target should be that of the main page, and you should use the basic auth fields on the test on our end to gain access:

3

For other types of HTML form, which could be for a wide range of uses, you just need to grab the field submission names from the source code, these can again be entered in the Form POST field in valid JSON format with your desired values. This way you can use the feature to test pretty much any type of entry form.

4

Validating the Results

Once your form or login dialogue is being actioned, it’s time to set up validation of the process, this can be done in two ways.

String Match – Using the String Match field on the test you can confirm the presence of one or more strings in the source of the resulting page after whichever process has been carried out. You can be alerted optionally if these strings are found/not found.

Final Location – With this you can verify that the final URL in the process is an expected URL, for example if you are expecting http://mysite.com/allgood.php ,  but the URL reached is http://mysite.com/notgreat.php – you will receive an alert for the test.

 

Thanks for reading and just let us know if you’ve got any questions on this via our support channel!