From 9ca136370ea1c2d680336c9b3fa3fb4b9e3da946 Mon Sep 17 00:00:00 2001 From: Nicola Murino Date: Sat, 11 Sep 2021 18:20:24 +0200 Subject: [PATCH] don't generate defender events for HTTP/WebDAV requests with no auth it is quite common for HTTP clients to send a first request without the Authorization header and then send the credentials after receiving a 401 response. We don't want to generate defender events in this case --- httpd/api_utils.go | 2 +- webdavd/server.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/httpd/api_utils.go b/httpd/api_utils.go index 73b69f22..99e51112 100644 --- a/httpd/api_utils.go +++ b/httpd/api_utils.go @@ -363,7 +363,7 @@ func parseRangeRequest(bytesRange string, size int64) (int64, int64, error) { func updateLoginMetrics(user *dataprovider.User, ip string, err error) { metrics.AddLoginAttempt(dataprovider.LoginMethodPassword) - if err != nil && err != common.ErrInternalFailure { + if err != nil && err != common.ErrInternalFailure && err != common.ErrNoCredentials { logger.ConnectionFailedLog(user.Username, ip, dataprovider.LoginMethodPassword, common.ProtocolHTTP, err.Error()) event := common.HostEventLoginFailed if _, ok := err.(*dataprovider.RecordNotFoundError); ok { diff --git a/webdavd/server.go b/webdavd/server.go index 163d06ef..b1c04b67 100644 --- a/webdavd/server.go +++ b/webdavd/server.go @@ -367,7 +367,7 @@ func writeLog(r *http.Request, err error) { func updateLoginMetrics(user *dataprovider.User, ip, loginMethod string, err error) { metrics.AddLoginAttempt(loginMethod) - if err != nil && err != common.ErrInternalFailure { + if err != nil && err != common.ErrInternalFailure && err != common.ErrNoCredentials { logger.ConnectionFailedLog(user.Username, ip, loginMethod, common.ProtocolWebDAV, err.Error()) event := common.HostEventLoginFailed if _, ok := err.(*dataprovider.RecordNotFoundError); ok {