TryLogin should should reply with 403 status code instead of 200 on login failure
We want to create a fail2ban rule on our reverse proxy ( haproxy) to limit bruteforce attacks from the wild. Unfortunately, /TryLogin always reply with status code 200, regardless of success or wrong credentials, so we have no way to distinguish between login success and failure.
Thanks!