httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Devraj Mukherjee <>
Subject Re: [users@httpd] Could Apache login support CAPTCHA and lockout?
Date Wed, 05 Oct 2011 01:23:05 GMT
Hi Neal,

I have used previously to create
a form based authentication for web sites.

The form can be in any scripting language Apache supports so CAPTCHA
should be easy to implement.

On Tue, Oct 4, 2011 at 11:44 PM, Neal Rhodes <> wrote:
> We have bunches of web applications which use the regular Apache login
> protection, and they won't run unless REMOTE_USER is set by the Apache
> login.
> <Limit GET>
> require valid-user
> </Limit>
> require valid-user
> </Limit>
> AuthName O-Visitor
> AuthUserFile /usr/appl/cgi/.htpasswd
> AuthType Basic
> Looking at improving security, it would seem that it would be much harder to
> conduct brute-force attacks on these systems if we could configure Apache
> login to do two things:
> A. Present the CAPTCHA style validation prompt as part of the login, to make
> it difficult for scripted attacks to proceed;
> B. Lockout an individual username in the .htpasswd file after X failed login
> attempts.
> Are there flavors of linux apache which have modules to provide this?
> Neal Rhodes
> MNOP Ltd

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message