[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: error logged - but I don't see a problem
From: |
Martin Pala |
Subject: |
Re: error logged - but I don't see a problem |
Date: |
Mon, 19 Sep 2016 13:36:25 +0200 |
I'm sorry, the message cannot be clearer:
HttpRequest: access denied -- client [81.218.187.96]: missing or
invalid Authorization header
Technically the browser sent a Monit GUI request without authorization header,
so monit rejected access. It's not possible to differentiate on monit (server)
side if it's just harmless browser request or part of attack - monit logs the
message for security reasons.
> On 19 Sep 2016, at 12:29, Moshe Cohen <address@hidden> wrote:
>
> Thanks.
>
> Being common, maybe it is worth demoting it to a warning and possibly wording
> it in a clearer manner, so that it wouldn't look like something is wrong.
>
> On Mon, Sep 19, 2016 at 11:49 AM, Martin Pala <address@hidden> wrote:
> If it is from the same client and same time where you try to access the GUI,
> you can ignore these errors ... the browser usually tries initial requests in
> parallel (like favicon, etc.) to increase the speed of page loading. When it
> gets the "authentication required" error, it performs authentication and
> loads the resources.
>
> You can use for example wireshark/tcpdump to see the whole communication.
>
> Best regards,
> Martin
>
>
>
>
>> On 17 Sep 2016, at 22:24, Moshe Cohen <address@hidden> wrote:
>>
>> When I access Monit from the Web interface, I see the following log line:
>>
>> [UTC Sep 17 20:21:05] error : HttpRequest: access denied -- client
>> [81.218.187.96]: missing or invalid Authorization header
>>
>> But I see the dashboard on the Web and everything seems to work OK there, so
>> what is the problem?
>>
>> --
>> To unsubscribe:
>> https://lists.nongnu.org/mailman/listinfo/monit-general
>
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general