Navigation

    Kopano
    • Register
    • Login
    • Search
    • Categories
    • Get Official Kopano Support
    • Recent

    Status code upon login failures is not 401

    Kopano WebApp
    1
    2
    25
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • fixundfertig123
      fixundfertig123 last edited by

      Hello everyone,

      Upon log file analysis I observerd that entering incorrect passwords / usernames does not result in 401 response code in the NGINX/Apache2 log file, but only a 200 with an verbal “Logon failed. Please verify your credentials and try again”.

      When entering wrong password my reverse proxy recieves from webapp:
      AAA.BBB.CCC.EEE - - [11/Apr/2020:12:56:16 +0200] “POST /webapp/?logon HTTP/1.1” 200 3096 “https://XXX/webapp/?logon” “Mozilla/5.0 (Linux; Android 7.0; DEVICENAME) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.xxx.xxx.xxx Safari/537.36”

      Looking into the WebAPP Apache2 access log states:
      AAA.BBB.CCC.EEE - - [11/Apr/2020:12:56:16 +0200] “POST /webapp/?logon HTTP/1.1” 200 3550 “https://XXX/webapp/?logon” “Mozilla/5.0 (Linux; Android 7.0; DEVICENAME) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.xxx.xxx.xxx Safari/537.36”

      Looking into the WebAPP Apache2 error log reveals:
      [Sat Apr 11 12:56:16.087556 2020] [:error] [pid 22604] [client AAA.BBB.CCC.EEE:49738] Kopano WebApp user: username@XXX.de: authentication failure at MAPI, referer: https://XXX/webapp/?logon

      Anyone else oberserving this? This causes some problems when establishing security mechanism like fail2ban, …

      All involved server are:
      Description: Debian GNU/Linux 9.12 (stretch)
      Release: 9.12
      Codename: stretch
      WebApp: 3.5.14.2539+111.1
      Kopano Core: 8.7.9

      I appreciate any help.

      1 Reply Last reply Reply Quote 0
      • fixundfertig123
        fixundfertig123 last edited by

        Hi,

        no one experiencing this problem?

        Best

        1 Reply Last reply Reply Quote 0
        • First post
          Last post