[Koha-bugs] [Bug 34293] New: ILS-DI returns 200 instead of 403 for unauthorized requests
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Mon Jul 17 04:53:31 CEST 2023
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=34293
Bug ID: 34293
Summary: ILS-DI returns 200 instead of 403 for unauthorized
requests
Change sponsored?: ---
Product: Koha
Version: master
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5 - low
Component: Web services
Assignee: koha-bugs at lists.koha-community.org
Reporter: dcook at prosentient.com.au
QA Contact: testopia at bugs.koha-community.org
We had a third-party hitting the ILS-DI API and in the logs it said 200, but
they were actually getting the "Unauthorized IP address" message.
It seems to me that we should have the ILS-DI API reply with 403 in that
situation, so that Koha sysadmins can see that the requests are failing.
This could also be useful for security monitoring.
--
You are receiving this mail because:
You are the assignee for the bug.
You are watching all bug changes.
More information about the Koha-bugs
mailing list