Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Failed login attempts via /login now return HTTP status code 401 (Unauthorized), not 200. This has no user-visible effect in the returned page, but it allows fail2ban style log scanning. |
---|---|
Downloads: | Tarball | ZIP archive | SQL archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA3-256: |
39d7eb0e226565e31ea812d2704e114a |
User & Date: | wyoung 2020-11-16 00:41:16 |
Context
2020-11-16
| ||
02:05 | Moved the www/tls-nginx.md doc contents into its companion doc www/server/debian/nginx.md and updated it for Ubuntu 20.04 LTS and Snap-based Certbot. ... (check-in: 0e63df1490 user: wyoung tags: trunk) | |
00:41 | Failed login attempts via /login now return HTTP status code 401 (Unauthorized), not 200. This has no user-visible effect in the returned page, but it allows fail2ban style log scanning. ... (check-in: 39d7eb0e22 user: wyoung tags: trunk) | |
2020-11-14
| ||
06:52 | Add extra check in git_fast_import() so that 'import --git --incremental' queries the new 'fx_git' table if it exists in the repository database to attribute check-ins. ... (check-in: 8eeba7a8db user: jamsek tags: trunk) | |
Changes
Changes to src/login.c.
︙ | ︙ | |||
641 642 643 644 645 646 647 648 649 650 651 652 653 654 | sleep(1); zErrMsg = @ <p><span class="loginError"> @ You entered an unknown user or an incorrect password. @ </span></p> ; record_login_attempt(zUsername, zIpAddr, 0); }else{ /* Non-anonymous login is successful. Set a cookie of the form: ** ** HASH/PROJECT/LOGIN ** ** where HASH is a random hex number, PROJECT is either project ** code prefix, and LOGIN is the user name. | > | 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 | sleep(1); zErrMsg = @ <p><span class="loginError"> @ You entered an unknown user or an incorrect password. @ </span></p> ; record_login_attempt(zUsername, zIpAddr, 0); cgi_set_status(401, "Unauthorized"); }else{ /* Non-anonymous login is successful. Set a cookie of the form: ** ** HASH/PROJECT/LOGIN ** ** where HASH is a random hex number, PROJECT is either project ** code prefix, and LOGIN is the user name. |
︙ | ︙ |