From cf6eeadaa3013a2cbaa9b19903da6b451d769362 Mon Sep 17 00:00:00 2001 From: Ilia Rostovtsev Date: Fri, 16 Oct 2020 19:59:53 +0300 Subject: [PATCH] Fix to stop false positive syslogging on page reload --- miniserv.pl | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/miniserv.pl b/miniserv.pl index 3ae79a279..c1a0d5937 100755 --- a/miniserv.pl +++ b/miniserv.pl @@ -4221,6 +4221,13 @@ else { $already_session_id = undef; $method = "GET"; $authuser = $baseauthuser = undef; + + # If login page is simply reloaded, with `session_login.cgi` in URL, + # without having any parameters sent (user set to empty), don't log + # false positive attempt with `Invalid login as from IP` to syslog + $nolog = 1 if (!$vu); + + # Send to log if allowed syslog("crit", "%s", ($nonexist ? "Non-existent" : $expired ? "Expired" : "Invalid").