Ok, figured it might be something like that. Not an easy problem to solve. In this circumstance it would be better to receive a page back that says *why* the request was blocked and where to look to allow it rather than a 403. Anonymise the hell out of the response of course so people can't reasonably guess it's an LMS instance.
That's kind of an oxymoron, isn't it? Tell the user what to do to open the door, but not tell the attacker what system it is?...
-- Michael _______________________________________________ discuss mailing list [email protected] http://lists.slimdevices.com/mailman/listinfo/discuss
