TryLogin should should reply with 403 status code instead of 200 on login failure

Avatar
  • Pending Review

We want to create a fail2ban rule on our reverse proxy ( haproxy) to limit bruteforce attacks from the wild. Unfortunately, /TryLogin always reply with status code 200, regardless of success or wrong credentials, so we have no way to distinguish between login success and failure.

Thanks!

Top contributors

Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar