Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
GUI returning HTTP status 200 instead of 401 on failed login
« previous
next »
Print
Pages: [
1
]
Author
Topic: GUI returning HTTP status 200 instead of 401 on failed login (Read 1832 times)
dzany
Newbie
Posts: 2
Karma: 0
GUI returning HTTP status 200 instead of 401 on failed login
«
on:
September 03, 2021, 11:51:31 am »
Hi all, I hope I got to the correct subforum, and hello to all, this is my first post here
I have a reverse proxy in front of the Opnsense GUI for some specific reasons. I want to use fail2ban as an additional guard against failed logins to the Opnsense GUI because it needs to be accessible from the outside of the network, so the users can change their own VPN passwords and get their TOTP QRcode by themselves.
I have a problem that Opnsense GUI is actually returning HTTP status 200 instead of 401 when the username/password combination is incorrect. Is there any quick fix available, or could it be requested to get fixed in some next release?
Thank you!
«
Last Edit: September 03, 2021, 12:01:44 pm by dzany
»
Logged
fabian
Hero Member
Posts: 2769
Karma: 200
OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: GUI returning HTTP status 200 instead of 401 on failed login
«
Reply #1 on:
September 03, 2021, 07:32:11 pm »
OPNsense logs failed attempts to Syslog. You can use that to trigger a reaction.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
GUI returning HTTP status 200 instead of 401 on failed login