httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Devraj Mukherjee <dev...@gmail.com>
Subject Re: [users@httpd] Could Apache login support CAPTCHA and lockout?
Date Wed, 05 Oct 2011 01:23:05 GMT
Hi Neal,

I have used http://authmemcookie.sourceforge.net/ previously to create
a form based authentication for web sites.

The form can be in any scripting language Apache supports so CAPTCHA
should be easy to implement.

On Tue, Oct 4, 2011 at 11:44 PM, Neal Rhodes <neall@mnopltd.com> wrote:
> We have bunches of web applications which use the regular Apache login
> protection, and they won't run unless REMOTE_USER is set by the Apache
> login.
>
> <Limit GET>
> require valid-user
> </Limit>
>
> <Limit POST PUT DELETE>
> require valid-user
> </Limit>
>
> AuthName O-Visitor
> AuthUserFile /usr/appl/cgi/.htpasswd
>
> AuthType Basic
>
>
> Looking at improving security, it would seem that it would be much harder to
> conduct brute-force attacks on these systems if we could configure Apache
> login to do two things:
>
> A. Present the CAPTCHA style validation prompt as part of the login, to make
> it difficult for scripted attacks to proceed;
> B. Lockout an individual username in the .htpasswd file after X failed login
> attempts.
>
> Are there flavors of linux apache which have modules to provide this?
>
>
> Neal Rhodes
> MNOP Ltd
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message