| Author |
|
dke
Joined: 13 Jul 2007
Posts: 61
Location: sweden
|
 Posted: Mon 02 Dec '13 10:21 Post subject: Bruteforce protection for authentication in apache? |
 |
|
Hi!
I was wondering if there's a simple way to implement some kind of authencation bruteforce protection in apache for windows? Right now my authentication never stops asking if user inputs the wrong credentials, this makes me think i'm vounrable for bruteforce attacks which could eventually get through if given the time.
Any ideas what could be done? |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7375
Location: Germany, Next to Hamburg
|
| Posted: Mon 02 Dec '13 11:55 Post subject: |
|
|
| Can you plese post your auth config? |
|
| Back to top |
|
dke
Joined: 13 Jul 2007
Posts: 61
Location: sweden
|
| Posted: Mon 02 Dec '13 13:27 Post subject: |
|
|
i have a very old and basic setup, i used the htpasswd file to create the authentication details and in httpd config it looks like this:
| Code: | <Directory "C:/websites/site1/protected">
Options FollowSymlinks
AllowOverride all
AuthType Basic
AuthName "Auth please."
AuthUserFile C:\htpass\friend
Require user test
</Directory> |
Thanks! |
|
| Back to top |
|
James Blond
Moderator
Joined: 19 Jan 2006
Posts: 7375
Location: Germany, Next to Hamburg
|
|
| Back to top |
|
dke
Joined: 13 Jul 2007
Posts: 61
Location: sweden
|
| Posted: Mon 02 Dec '13 15:26 Post subject: |
|
|
| Thank you! |
|
| Back to top |
|
