Updated by Markus Kahl almost 6 years ago
**As an** OpenProject admin
**I want** the server to return 401 Unauthorized rather than 200 OK on failed login attempts
**so that** Fail2Ban and similar tools can work by default with OpenProject.
Context by Dalibor Sojic:
> I have nginx in front of openproject:6000. The same story is with default apache configuration.
>
> Wrong login credentials respond with HTTP 200 header instead of 403. 200 OK for wrong credentials cannot be integrated with fail2ban.
>
> It would be nice if we can integrate it with fail2ban to increase security and decrease unnecessary server load caused by brute force.
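
An added example (not part of the original work package, and not OpenProject or fail2ban code): a Python model of the status-based check a fail2ban-style filter applies to the reverse proxy's access log, run over the same traffic with failed logins answered by 200 and by 401. The `/login` path, the nginx "combined" log format, the `maxretry`/`findtime` values and all log lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumption: login attempts are POSTs to /login, logged in nginx "combined" format.
# The filter keys on the response status, as a status-based failregex would.
FAILED_LOGIN = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /login[^"]*" (?P<status>401|403) '
)

def make_log(fail_status):
    """Constructed sample log: one client failing 5 logins, one client failing once."""
    lines = [
        f'203.0.113.7 - - [10/Mar/2020:10:00:{s:02d} +0000] '
        f'"POST /login HTTP/1.1" {fail_status} 5120 "-" "-"'
        for s in range(0, 50, 10)
    ]
    lines.append('198.51.100.4 - - [10/Mar/2020:10:00:05 +0000] '
                 '"GET /projects HTTP/1.1" 200 8341 "-" "-"')
    lines.append('198.51.100.4 - - [10/Mar/2020:10:00:30 +0000] '
                 f'"POST /login HTTP/1.1" {fail_status} 5120 "-" "-"')
    return lines

def hosts_to_ban(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return hosts with >= maxretry failed logins inside any findtime window."""
    hits = defaultdict(list)
    for line in lines:
        m = FAILED_LOGIN.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            hits[m["host"]].append(ts)
    banned = set()
    for host, times in hits.items():
        times.sort()
        # Slide a window of maxretry consecutive failures over the sorted timestamps.
        for i in range(len(times) - maxretry + 1):
            if times[i + maxretry - 1] - times[i] <= findtime:
                banned.add(host)
                break
    return banned

if __name__ == "__main__":
    print("failures answered with 200:", hosts_to_ban(make_log(200)))
    print("failures answered with 401:", hosts_to_ban(make_log(401)))
```

With 200 responses the status-based filter never matches, so the repeated failures from one address go unnoticed; with 401 the same address crosses the threshold while the client with a single mistyped password does not.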