[Mailman-Developers] return 401 for bad password?
Mark Sapiro
mark at msapiro.net
Sat Jan 30 02:02:47 CET 2010
Mark Hedges wrote:
>
>Hi... is there any possibility a post with a bad password
>could return 401 instead of 200... that way fail2ban would
>automatically block bots that try to hack list manager
>passwords.
In Mailman/Cgi/Auth.py in the definition of loginpage find
if msg:
msg = FontAttr(msg, color='#ff0000', size='+1').Format()
and append
print '401 Unauthorized\n'
to make it
if msg:
msg = FontAttr(msg, color='#ff0000', size='+1').Format()
print '401 Unauthorized\n'
This is entirely untested, but should work for both failed admin and
admindb logins.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Developers
mailing list