HTTP HTTP GET # Server-side HTTP/1.0 401 BAD BOY Server: swsclose Content-Type: text/html This contains a response code >= 400, so curl shouldn't display this. Even though it's a response code that triggers authentication, we're not using authentication so we should still fail. # Client-side http HTTP GET with an error code that might trick authentication http://%HOSTIP:%HTTPPORT/151 # Verify data after the test has been "shot" GET /151 HTTP/1.1 Host: %HOSTIP:%HTTPPORT User-Agent: curl/%VERSION Accept: */*