Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-20204

The URL context and source IP (and headers?) should be logged when an login fails

    XMLWordPrintable

Details

    • We collect Confluence feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      With the new "captcha after x failed logins" system in place, we're seeing lots of accounts getting locked out because people have left things like RSS readers and scripts with RPC connections using old passwords.

      It's easy for us to chase these down when people use os_username, but when basic auth is used there is no indication in the apache logs.

      Confluence should log the URL and (optionally) the full headers of the connection so that an administrator can compare them to the Apache logs and try to narrow down where the bad logins are coming from.

      Attachments

        Activity

          People

            etom edith (Inactive)
            pkorathota Pramod Korathota (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: