Fix to stop false positive syslogging on page reload

2026-03-20 08:40:24 +00:00 · 2020-10-16 19:59:53 +03:00
parent 523bdc0066
commit cf6eeadaa3
1 changed files with 7 additions and 0 deletions
--- a/miniserv.pl
+++ b/miniserv.pl
@@ -4221,6 +4221,13 @@ else {
 	$already_session_id = undef;
 	$method = "GET";
 	$authuser = $baseauthuser = undef;
+	
+	# If login page is simply reloaded, with `session_login.cgi` in URL,
+	# without having any parameters sent (user set to empty), don't log 
+	# false positive attempt with `Invalid login as  from IP` to syslog
+	$nolog = 1 if (!$vu);
+
+	# Send to log if allowed
 	syslog("crit", "%s",
 		($nonexist ? "Non-existent" :
 		 $expired ? "Expired" : "Invalid").