Return 403 Forbidden instead of 401

401 Unauthorized suggests that the requests can be retried with appropriate credentials. 403 explicitly states that the request should not be repeated. See #41
2026-03-25 09:25:49 +00:00 · 2014-02-06 21:32:51 +01:00 · 2014-02-06 21:32:51 +01:00 · 97a43f7e66
commit 97a43f7e66
parent d79fda80d6
4 changed files with 8 additions and 8 deletions
--- a/lib/rack/attack.rb
+++ b/lib/rack/attack.rb
@ -40,7 +40,7 @@ module Rack::Attack

      # Set defaults
      @notifier ||= ActiveSupport::Notifications if defined?(ActiveSupport::Notifications)
-      @blacklisted_response ||= lambda {|env| [401, {}, ["Unauthorized\n"]] }
+      @blacklisted_response ||= lambda {|env| [403, {}, ["Unauthorized\n"]] }
      @throttled_response   ||= lambda {|env|
        retry_after = env['rack.attack.match_data'][:period] rescue nil
        [429, {'Retry-After' => retry_after.to_s}, ["Retry later\n"]]
--- a/spec/allow2ban_spec.rb
+++ b/spec/allow2ban_spec.rb
@ -83,7 +83,7 @@ describe 'Rack::Attack.Allow2Ban' do
      end

      it 'fails' do
-        last_response.status.must_equal 401
+        last_response.status.must_equal 403
      end

      it 'does not increase fail count' do
@ -103,7 +103,7 @@ describe 'Rack::Attack.Allow2Ban' do
      end

      it 'fails' do
-        last_response.status.must_equal 401
+        last_response.status.must_equal 403
      end

      it 'does not increase fail count' do
--- a/spec/fail2ban_spec.rb
+++ b/spec/fail2ban_spec.rb
@ -24,7 +24,7 @@ describe 'Rack::Attack.Fail2Ban' do
      describe 'when not at maxretry' do
        before { get '/?foo=OMGHAX', {}, 'REMOTE_ADDR' => '1.2.3.4' }
        it 'fails' do
-          last_response.status.must_equal 401
+          last_response.status.must_equal 403
        end

        it 'increases fail count' do
@ -46,7 +46,7 @@ describe 'Rack::Attack.Fail2Ban' do
        end

        it 'fails' do
-          last_response.status.must_equal 401
+          last_response.status.must_equal 403
        end

        it 'increases fail count' do
@ -83,7 +83,7 @@ describe 'Rack::Attack.Fail2Ban' do
      end

      it 'fails' do
-        last_response.status.must_equal 401
+        last_response.status.must_equal 403
      end

      it 'does not increase fail count' do
@ -103,7 +103,7 @@ describe 'Rack::Attack.Fail2Ban' do
      end

      it 'fails' do
-        last_response.status.must_equal 401
+        last_response.status.must_equal 403
      end

      it 'does not increase fail count' do
--- a/spec/rack_attack_spec.rb
+++ b/spec/rack_attack_spec.rb
@ -15,7 +15,7 @@ describe 'Rack::Attack' do
      before { get '/', {}, 'REMOTE_ADDR' => @bad_ip }
      it "should return a blacklist response" do
        get '/', {}, 'REMOTE_ADDR' => @bad_ip
-        last_response.status.must_equal 401
+        last_response.status.must_equal 403
      end
      it "should tag the env" do
        last_request.env['rack.attack.matched'].must_equal "ip #{@bad_ip}"