In order for Probely to run full-fledged scans on your target, you need to verify its domain. Learn more about why do we require you to verify the ownership of the domain ?.
The problem
The domain verification using a .txt file fails with the error: Token file not found.
Troubleshoot the problem
To troubleshoot this problem, go through the following steps to identify the possible causes and respective solutions to fix it.
Step 1: Test the direct access
Test if the .txt file can be directly accessed in one of the following ways:
Open a browser and type the URL to the file:
https://<domain_to_verify>/<your file name>.txt
For example:
https://example.com/00000000-0000-0000-0000-000000000000.txt
Use a curl command like this:
curl -i https://<domain_to_verify>/<your file name>.txt
For example:
curl -i https://example.com/00000000-0000-0000-0000-000000000000.txt
If it fails with a 404 - Not Found error, the file is not directly accessible, and Probely cannot verify the domain.
Check the following possible causes and apply the respective solution:
Cause | Solution |
The .txt file does not exist in the server's root folder. | Ensure that the file is in the server's root folder. |
The .txt file is in the server's root folder but does not have the correct permissions. | Ensure the file has the correct permissions for Probely to access it. |
Step 2: Test redirects
Test if there are redirects when accessing the .txt file in one of the following ways:
Open a browser and type the URL to the file:
https://<domain_to_verify>/<your file name>.txt
For example:
https://example.com/00000000-0000-0000-0000-000000000000.txt
Use a curl command like this:
curl -i https://<domain_to_verify>/<your file name>.txt
For example:
curl -i https://example.com/00000000-0000-0000-0000-000000000000.txt
If there is a redirect, the .txt file is fetched from another URL, and Probely cannot verify the domain.
For example:
https://example.com/00000000-0000-0000-0000-000000000000.txt
could be redirected to
https://www.example.com/00000000-0000-0000-0000-000000000000.txt
Check the following possible causes and apply the respective solution:
Cause | Solution |
The file's URL is redirected to another URL. | Create a target with the domain of the redirected URL. In our example, you would have to create a target for |
Step 3: Test blockers
Test if there are “human checks” (e.g., a captcha) or WAFs blocking access to the .txt file as follows:
Open a browser in incognito mode.
Type the URL to the file:
https://<domain_to_verify>/<your file name>.txt
For example:
https://example.com/00000000-0000-0000-0000-000000000000.txt
If a “human check” appears or a WAF blocks access to the .txt file, Probely cannot verify the domain.
Check the following possible causes and apply the respective solution:
Cause | Solution |
A “human check” is blocking access to the file. | Remove the “human check” when accessing the .txt file. |
A WAF is blocking access to the file. | Add Probely’s IPs to the WAF’s whitelist. Read more about how to configure Probely’s IPs in WAFs. |
After following these steps, identifying the causes, and applying the respective solutions, you should be able to verify the domain using a .txt file.
Learn more about this subject in the following articles: