[CentOS] Securing http authentication from brute force attacks
James B. Byrne
byrnejb at harte-lyne.ca
Mon Jan 11 15:59:53 UTC 2010
We have several web applications deployed under Apache that require
a user id / password authentication. Some of these use htdigest and
others use the application itself.

Recently we have experienced several brute force attacks against
some of these services which have been dealt with for the nonce by
changes to iptables. However, I am not convinced that these changes
are the answer.

Therefore I have been looking at http protection and have run across
a few independently provided modules for Apache http security,
mod_security being one of them.

I would like the opinion of other CentOS sysadmins who already have
faced this same problem, with respect to the solutions available and
those that they choose for themselves.
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3