[CentOS] Securing http authentication from brute force attacks
James B. Byrne
byrnejb at harte-lyne.caMon Jan 11 15:59:53 UTC 2010
- Previous message: [CentOS] Select pam module for select users
- Next message: [CentOS] Securing http authentication from brute force attacks
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
We have several web applications deployed under Apache that require a user id / password authentication. Some of these use htdigest and others use the application itself. Recently we have experienced several brute force attacks against some of these services which have been dealt with for the nonce by changes to iptables. However, I am not convinced that these changes are the answer. Therefore I have been looking at http protection and have run across a few independently provided modules for Apache http security, mod_security being one of them. I would like the opinion of other CentOS sysadmins who already have faced this same problem, with respect to the solutions available and those that they choose for themselves. Sincerely, -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3
- Previous message: [CentOS] Select pam module for select users
- Next message: [CentOS] Securing http authentication from brute force attacks
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list