Pending Review

TryLogin should reply with 403 status code instead of 200 on login failure

Louis-David Perron 5 months ago 0

We want to create a fail2ban rule on our reverse proxy (haproxy) to limit brute-force attacks from the wild. Unfortunately, /TryLogin always replies with status code 200, regardless of success or wrong credentials, so we have no way to distinguish between login success and failure.

Thanks!
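Added example, not part of the original post or of the product's code: a per-IP failure counter over HAProxy HTTP log lines, the same windowed counting that fail2ban's `maxretry`/`findtime` perform, run once with every `/TryLogin` reply logged as 200 and once with failures logged as 403. Assumptions: HAProxy's default `option httplog` format, a POST to `/TryLogin`, and constructed log lines, addresses and thresholds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# HAProxy default HTTP log format (assumed): client ip:port, [accept date],
# frontend, backend/server, timers, status, bytes, ..., "request line".
LINE_RE = re.compile(
    r'haproxy\[\d+\]: (?P<ip>[0-9a-fA-F.:]+):\d+ '
    r'\[(?P<ts>[^\]]+)\] \S+ \S+ \S+ (?P<status>\d{3}) .*'
    r'"(?P<method>[A-Z]+) (?P<path>\S+)'
)

def offenders(lines, fail_status="403", max_fail=3, window=timedelta(minutes=10)):
    """Return IPs with >= max_fail failed /TryLogin replies inside the window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    flagged = set()
    for line in lines:            # lines are assumed to be in chronological order
        m = LINE_RE.search(line)
        if not m or m["path"].split("?")[0] != "/TryLogin":
            continue
        if m["status"] != fail_status:
            continue              # with "always 200" nothing ever reaches the counter
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S.%f")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= max_fail:
            flagged.add(m["ip"])
    return sorted(flagged)

def sample(ip, hhmmss, status):
    # Constructed log line in the assumed format; names and timers are made up.
    return (f'Jan 10 {hhmmss} proxy haproxy[1234]: {ip}:51000 '
            f'[10/Jan/2024:{hhmmss}.000] fe_https be_app/app1 0/0/1/20/21 '
            f'{status} 512 - - ---- 2/2/0/0/0 0/0 "POST /TryLogin HTTP/1.1"')

# Constructed attempts: (client ip, time, login succeeded?)
ATTEMPTS = [("203.0.113.7", "09:00:01", False), ("203.0.113.7", "09:00:03", False),
            ("203.0.113.7", "09:00:05", False), ("203.0.113.7", "09:00:07", False),
            ("198.51.100.20", "09:01:00", False), ("198.51.100.20", "09:01:30", True)]
CURRENT = [sample(ip, t, 200) for ip, t, ok in ATTEMPTS]                  # always 200
REQUESTED = [sample(ip, t, 200 if ok else 403) for ip, t, ok in ATTEMPTS]  # 403 on failure

if __name__ == "__main__":
    print("always 200:", offenders(CURRENT))
    print("403 on failure:", offenders(REQUESTED))
```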