Fossil SCM
Failed login attempts via /login now return HTTP status code 401 (Unauthorized) instead of 200. This has no user-visible effect on the returned page, but it allows fail2ban-style log scanning.
Commit
39d7eb0e226565e31ea812d2704e114a96a30245ff8b2e343a8df82b78cf2894
Parent
8eeba7a8db0e8c3…
1 file changed
+1
+1
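--- a/src/login.c
+++ b/src/login.c
@@ -643,10 +643,11 @@
 @ <p><span class="loginError">
 @ You entered an unknown user or an incorrect password.
 @ </span></p>
 ;
 record_login_attempt(zUsername, zIpAddr, 0);
+cgi_set_status(401, "Unauthorized");
 }else{
 /* Non-anonymous login is successful. Set a cookie of the form:
 **
 ** HASH/PROJECT/LOGIN
 **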
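Review bot: The `cgi_set_status(401, "Unauthorized");` call added after `record_login_attempt(zUsername, zIpAddr, 0);` has no comment explaining why a form-based login answers 401. The reason, making failures visible to access-log scanners such as fail2ban, is recorded only in the commit message, so I would add `/* 401 so that access-log scanners (fail2ban) can count failed logins */` above the call. HTTP also expects a 401 response to carry a `WWW-Authenticate` challenge, and this hunk adds none. Whether `cgi_set_status()` or a later step supplies one is not visible here, so it is worth confirming that proxies and clients in front of the server handle a bare 401 as intended. Only this unknown-user/bad-password branch is changed; the enclosing function starts and ends outside the hunk, and any other rejection path in it would presumably still be logged as 200 and stay invisible to the scanner.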