HTTP Status Code 401 and when to pay attention
HTTP Responses with Status Code 401 are not always important and are actually expected behavior...in some cases. When a user attempts to access a website that requires authentication, be it basic or forms based authentication, and authentication hasn't been provided the web server will respond with an HTTP Status Code 401 with a header requesting a type of authentication.
If a user the inputs their/some credentials and attempts to gain access to the resource, the typical response by the server is to return another 401 Status Code re-requesting authorization. This is the point where the 401s actually become interesting.
Users may also be presented with a 403 Forbidden status code if numerous attempts are made or if authentication passes but authorization does not, if a user attempts to access the file/directory listing, and various other reasons.
This bundle will watch for requests where authorization is provided, fails, and is requested again and will record the client IP, the Web Item being requested, and the status code response from the web server. It includes the trigger to record the appropriate metrics and the page to display the count and rate of these failed authentication attempts.