Re: error logged - but I don't see a problem

2016-09-19 Thread Martin Pala 
I'm sorry, the message cannot be clearer:

HttpRequest: access denied -- client [81.218.187.96]: missing or 
invalid Authorization header

Technically the browser sent a Monit GUI request without authorization header, 
so monit rejected access. It's not possible to differentiate on monit (server) 
side if it's just harmless browser request or part of attack - monit logs the 
message for security reasons.



> On 19 Sep 2016, at 12:29, Moshe Cohen  wrote:
> 
> Thanks.
> 
> Being common, maybe it is worth demoting it to a warning and possibly wording 
> it in a clearer manner, so that it wouldn't look like something is wrong.
> 
> On Mon, Sep 19, 2016 at 11:49 AM, Martin Pala  wrote:
> If it is from the same client and same time where you try to access the GUI, 
> you can ignore these errors ... the browser usually tries initial requests in 
> parallel (like favicon, etc.) to increase the speed of page loading. When it 
> gets the "authentication required" error, it performs authentication and 
> loads the resources.
> 
> You can use for example wireshark/tcpdump to see the whole communication.
> 
> Best regards,
> Martin
> 
> 
> 
> 
>> On 17 Sep 2016, at 22:24, Moshe Cohen  wrote:
>> 
>> When I access Monit from the Web interface, I see the following log line:
>> 
>> [UTC Sep 17 20:21:05] error: HttpRequest: access denied -- client 
>> [81.218.187.96]: missing or invalid Authorization header
>> 
>> But I see the dashboard on the Web and everything seems to work OK there, so 
>> what is the problem?
>> 
>> --
>> To unsubscribe:
>> https://lists.nongnu.org/mailman/listinfo/monit-general
> 
> 
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
> 
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general


--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general

Re: error logged - but I don't see a problem

2016-09-19 Thread Moshe Cohen 
Thanks.

Being common, maybe it is worth demoting it to a warning and possibly
wording it in a clearer manner, so that it wouldn't look like something is
wrong.

On Mon, Sep 19, 2016 at 11:49 AM, Martin Pala 
wrote:

> If it is from the same client and same time where you try to access the
> GUI, you can ignore these errors ... the browser usually tries initial
> requests in parallel (like favicon, etc.) to increase the speed of page
> loading. When it gets the "authentication required" error, it performs
> authentication and loads the resources.
>
> You can use for example wireshark/tcpdump to see the whole communication.
>
> Best regards,
> Martin
>
>
>
>
> On 17 Sep 2016, at 22:24, Moshe Cohen  wrote:
>
> When I access Monit from the Web interface, I see the following log line:
>
> [UTC Sep 17 20:21:05] error: HttpRequest: access denied -- client
> [81.218.187.96]: missing or invalid Authorization header
>
> But I see the dashboard on the Web and everything seems to work OK there,
> so what is the problem?
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
>
>
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general
>
--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general

Re: error logged - but I don't see a problem

2016-09-19 Thread Martin Pala 
If it is from the same client and same time where you try to access the GUI, 
you can ignore these errors ... the browser usually tries initial requests in 
parallel (like favicon, etc.) to increase the speed of page loading. When it 
gets the "authentication required" error, it performs authentication and loads 
the resources.

You can use for example wireshark/tcpdump to see the whole communication.

Best regards,
Martin




> On 17 Sep 2016, at 22:24, Moshe Cohen  wrote:
> 
> When I access Monit from the Web interface, I see the following log line:
> 
> [UTC Sep 17 20:21:05] error: HttpRequest: access denied -- client 
> [81.218.187.96]: missing or invalid Authorization header
> 
> But I see the dashboard on the Web and everything seems to work OK there, so 
> what is the problem?
> 
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general

--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general

error logged - but I don't see a problem

2016-09-17 Thread Moshe Cohen 
When I access Monit from the Web interface, I see the following log line:

[UTC Sep 17 20:21:05] error: HttpRequest: access denied -- client
[81.218.187.96]: missing or invalid Authorization header

But I see the dashboard on the Web and everything seems to work OK there,
so what is the problem?
--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general