Suggest 403 status when locked

  • I would suggest returning a 403 HTTP status code in case an IP is blocked. That would probably prevent a lot of the hackers from keep trying to access the URL using automated tools even if they are blocked. The problem is that it returns a 200 status code which informs the tools that they just got the password wrong.

  • The topic ‘Suggest 403 status when locked’ is closed to new replies.