On Mon, Jan 11, 2010 at 10:59 AM, James B. Byrne byrnejb@harte-lyne.ca wrote:
We have several web applications deployed under Apache that require a user id / password authentication. Some of these use htdigest and others use the application itself.
Recently we have experienced several brute force attacks against some of these services which have been dealt with for the nonce by changes to iptables. However, I am not convinced that these changes are the answer.
Therefore I have been looking at http protection and have run across a few independently provided modules for Apache http security, mod_security being one of them.
I would like the opinion of other CentOS sysadmins who already have faced this same problem, with respect to the solutions available and those that they choose for themselves.
You can configure fail2ban to help deal with this, along with ssh protection. I'm also heavily in favor of mod_security when it comes to apache protection.