Home page logo

basics logo Security Basics mailing list archives

Re: False (?) 401 errors messages
From: Chris Ess <securityfocus () cae tokimi net>
Date: Wed, 17 Dec 2003 12:46:42 -0500 (EST)

On Wed, 17 Dec 2003, Jon Mark Allen wrote:

I've written a custom 401 error page (using php) to notify me (via
email) when someone fails to authenticate to a secure website I'm
managing.  The only problem is that I get an email for _every_ access
not just the ones that fail.


If I remember correctly...  And I may not...

Whenever a web browser hits a password-protected page and it does not have
a username and password for the page presented in the request header, it
will receive a 401 response.  It is this 401 response that prompts the web
browser to ask the user to enter the username and password for this site.

I don't know if you can do this, but...  In your error document for 401's,
query the username supplied.  If the username is blank or undefined then
it was an initial visit by a web browser and probably does not need to be
logged if you're trying to log attempts to log in with a username/password
pair.  So, if it does not need to be logged, you should not need to send
an email.

This may be of some use to you:


Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]