Replies: 3 comments 13 replies
-
|
The 400 is just sent when the login API gets incorrect credentials |
Beta Was this translation helpful? Give feedback.
-
|
That’s what I thought. Shouldn’t it be a 403RegardsPaulOn 9 Dec 2024, at 12:59, Nicolas Mowen ***@***.***> wrote:
The 400 is just sent when the login API gets incorrect credentials
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: ***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
there may be a reason it was 400 specifically, CC @blakeblackshear |
Beta Was this translation helpful? Give feedback.
-
|
Is there a reason the built-in protection doesn't suit your needs? https://docs.frigate.video/configuration/authentication#login-failure-rate-limiting This already blocks repeated login attempts from the same ip address. |
Beta Was this translation helpful? Give feedback.
-
|
do you think this can make it to the next beta? |
Beta Was this translation helpful? Give feedback.
-
|
What are you referring to? |
Beta Was this translation helpful? Give feedback.
-
|
@blakeblackshear suggested the return code after failed login would be changed to 401 |
Beta Was this translation helpful? Give feedback.
-
|
that has already been implemented for beta 3 |
Beta Was this translation helpful? Give feedback.
-
|
This was already merged and is in beta 3. |
Beta Was this translation helpful? Give feedback.
-
I'd like to enable Fail2ban to run against the Frigate front end logs so we can pick up rogue login attempts.
My goal is to document a 'how to' so other users can enable if required. I've noticed a few requests in the past.
My initial question relates to the front end platform/framework. Could someone let me know what this is built on. From what I can see in the Nginx logs it's returning a 400 error on failed login and I couldn't easily see how this was generated.
Beta Was this translation helpful? Give feedback.
All reactions