Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why am I getting a 403 error when running Locust?

I am using Locust (python) to load test on a Django web app. I keep getting a 403 error when I run my script.

Here is the code:

  from locust import HttpLocust, TaskSet

def index(l):
    l.client.get("/")
def login(l):
    l.client.post("/login/", {"username":"[email protected]", "password":"education")
def upload(l):
    l.client.get("/upload-image/")
def home(l):
	 l.client.get("/home/")
def settings(l):
	l.client.get("/settings/")
def logout(l):
	l.client.get("/logout/")
class UserBehavior(TaskSet):
    tasks = {index:1, upload:1, home:1, settings:1, logout:1}

    def on_start(self):
        login(self)

class WebsiteUser(HttpLocust):
    task_set = UserBehavior
    min_wait=5000
    max_wait=9000
like image 322
atkawa7 Avatar asked Dec 03 '14 00:12

atkawa7


People also ask

Why does my amino say 403 Forbidden?

The 403 (Forbidden) status code indicates that the server understood the request but refuses to authorize it... If authentication credentials were provided in the request, the server considers them insufficient to grant access. The 403 response belongs to the 4xx range of HTTP responses: Client errors.

Why do I keep getting error 403 forbidden?

The 403 Forbidden error means that your server is working, but you no longer have permission to view all or some of your site for some reason. The two most likely causes of this error are issues with your WordPress site's file permissions or . htaccess file.


2 Answers

To expand on ZacDelagrange's answer, when you are using https, you must also set the Referer header, so in this example you could do

def on_start(self):
    """ Run on start for every Locust hatched """
    r = self.client.get('')
    self.client.headers['Referer'] = self.client.base_url
    self.client.post('/accounts/login/', 
        {'email': 'email', 'password': 'password',
         'csrfmiddlewaretoken': r.cookies['csrftoken']})
like image 106
TheAxeR Avatar answered Oct 05 '22 02:10

TheAxeR


Do a get on your root or login page, grab the csrf token from the response cookie, and post to your login url with the csrftoken. This should add the csrf token to the client's cookies and allow you to browse the page.

def on_start(self):
    """ Run on start for every Locust hatched """
    r = self.client.get('')
    self.client.post('/accounts/login/', 
        {'email': 'email', 'password': 'password',
         'csrfmiddlewaretoken': r.cookies['csrftoken']})
like image 32
ex-zac-tly Avatar answered Oct 05 '22 02:10

ex-zac-tly