View Revisions: Issue #16470

Summary 16470: Use real http header instead of redirect for permission denial
Revision 2020-07-09 15:02 by DenisChenu
Additional Information

403 : someone with a valid account try to access something it don't have the right : Sample for survey (since year)
400 : someone try to send bad parameters : can be XSS or SQL injection

For example : you can use fail2ban or check the log to see the attack tentative. With direct filtering : no way to work on log.

Revision 2020-07-09 14:55 by DenisChenu
Additional Information

403 : someone with a valid account try to access something it don't have the right : Sample for survey (since year)
400 : someone try to send bad parameters : can be XSS or SQL injection

Revision 2020-07-08 15:10 by DenisChenu
Additional Information