Hide Existence of Unauthorized Resources

JFrog Platform Administration Documentation

Content Type
Administration / Platform
ft:sourceType
Paligo

When a user tries to access a resource for which they are not authorized, the default behavior is to indicate that the resource exists but is protected. For example, an anonymous request will result in a request for authentication (401), and a request by an unauthorized authenticated user will simply be denied (403).

Select Hide Existence of Unauthorized Resources to return a 404 (instead of 403) - Not Found response.

Alternatively, update the Global Configuration Descriptor to set this parameter globally (for all virtual repositories) or for specific repository:Global Configuration Descriptor

Note

<security>
    <hideUnauthorizedResources>false</hideUnauthorizedResources>
</security>
<virtualRepositories>
        <virtualRepository>
          <hideUnauthorizedResources>false</hideUnauthorizedResources>
   </virtualRepository>
</virtualRepositories>