Error shall not be 500 but 403 #5

Open
krisdante opened this issue Aug 28, 2018 · 3 comments

@krisdante

Currently, the status code thrown for not accepted IP is:
500 Internal Server Error - Security Exception

It would be better to have a proper HTTP status code like 403 (Forbidden).

Error 500 is reserved for severe server errors - and our monitoring sends an alert to the DevOps team, and it also breaks our statistics about 500 errors.

@krisdante
Author

Alternatively, it could also be 404 or a redirect (temp) to the homepage, so that it is not easy to discover what the admin URL is from non-known IPs.

@phoenix128
Contributor

Maybe 403 is a better option, I agree.

phoenix128 self-assigned this Aug 29, 2018
@krisdante
Author

krisdante commented Aug 29, 2018

I submitted the Pull Request. It modifies the LockDown interface in general, but taking into account what this lockdown does - I think it is a good change anyway.
magespecialist/m2-MSP_Security_Suite_Common/pull/3
