Details

    • Type: Bug
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 5.8.4
    • Fix Version/s: None
    • Component/s: Logging, Security
    • Labels:

      Description

      In Artifactory's access.log, all accesses are logged with the proper IP address, EXCEPT "DENIED LOGIN" via repository URLs. If a remote client directly accesses a repository/artifact URL (e.g. via Maven) with incorrect credentials, the IP of the Artifactory server itself will be logged.

      The issue seems to be regardless of auth backend and reverse proxy. I have tested it against LDAP and local users and trough the reverse proxy and with direct access. The result always is the same.

      Steps to reproduce

      1. install Artifactory
      2. turn anonymous access off
      3. create a user
      4. create a repository
      5. (maybe optional) deploy an artifact
      6. access the artifact's URL directly while providing a wrong password for the user

        Attachments

          Activity

            People

            • Assignee:
              hezic Hezi Cohen
              Reporter:
              sbreitbach Steffen Breitbach
            • Votes:
              6 Vote for this issue
              Watchers:
              11 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: