Hey there! First post here! Long time MIAB user!
I’d never tried this before, but today I navigated to all of the pages in the primary navigation while I was not logged in, and noticed a few odd things – one might be a bug but I wanted to get some feedback before hitting GitHub.
Firstly, a minor point: I don’t like that the page flashes quickly and then back to the sign-in screen. There isn’t any sensitive data available to leak (this seems like just a web app UI glitch) but it does show the unpopulated page contents for a split second, which feels clunky.
Secondly, the External DNS page does not feel clunky like above; something worse happens for me. When I try to access it, it attempts to load the contents of the page, times out, and ultimately bans my IP address as having tried to DoS it. My assumption is because I’m not logged in, it is making a bunch of unauthenticated requests for each domain, and getting trapped in UFW (or fail2ban, or whatever?)
Anyone able to duplicate this? If so, I’ll move this over to GitHub and see if I can get a PR going.
Thanks!