httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Neal Rhodes <>
Subject [users@httpd] Could Apache login support CAPTCHA and lockout?
Date Tue, 04 Oct 2011 12:44:43 GMT
We have bunches of web applications which use the regular Apache login
protection, and they won't run unless REMOTE_USER is set by the Apache

        <Limit GET>
        require valid-user
        <Limit POST PUT DELETE>
        require valid-user
        AuthName O-Visitor
        AuthUserFile /usr/appl/cgi/.htpasswd
        AuthType Basic

Looking at improving security, it would seem that it would be much
harder to conduct brute-force attacks on these systems if we could
configure Apache login to do two things: 

        A. Present the CAPTCHA style validation prompt as part of the
        login, to make it difficult for scripted attacks to proceed;
        B. Lockout an individual username in the .htpasswd file after X
        failed login attempts.

Are there flavors of linux apache which have modules to provide this? 

Neal Rhodes

View raw message