I'm sorry, the message cannot be clearer:

        HttpRequest: access denied -- client [81.218.187.96]: missing or 
invalid Authorization header

Technically the browser sent a Monit GUI request without authorization header, 
so monit rejected access. It's not possible to differentiate on monit (server) 
side if it's just harmless browser request or part of attack - monit logs the 
message for security reasons.



> On 19 Sep 2016, at 12:29, Moshe Cohen <mos...@gmail.com> wrote:
> 
> Thanks.
> 
> Being common, maybe it is worth demoting it to a warning and possibly wording 
> it in a clearer manner, so that it wouldn't look like something is wrong.
> 
> On Mon, Sep 19, 2016 at 11:49 AM, Martin Pala <mart...@tildeslash.com> wrote:
> If it is from the same client and same time where you try to access the GUI, 
> you can ignore these errors ... the browser usually tries initial requests in 
> parallel (like favicon, etc.) to increase the speed of page loading. When it 
> gets the "authentication required" error, it performs authentication and 
> loads the resources.
> 
> You can use for example wireshark/tcpdump to see the whole communication.
> 
> Best regards,
> Martin
> 
> 
> 
> 
>> On 17 Sep 2016, at 22:24, Moshe Cohen <mos...@gmail.com> wrote:
>> 
>> When I access Monit from the Web interface, I see the following log line:
>> 
>> [UTC Sep 17 20:21:05] error    : HttpRequest: access denied -- client 
>> [81.218.187.96]: missing or invalid Authorization header
>> 
>> But I see the dashboard on the Web and everything seems to work OK there, so 
>> what is the problem?
>> 
>> --
>> To unsubscribe:
>> https://lists.nongnu.org/mailman/listinfo/monit-general
> 
> 
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
> 
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general


--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general

Reply via email to