[CentOS] Securing http authentication from brute force attacks
Jim Perrin
jperrin at gmail.comMon Jan 11 16:13:30 UTC 2010
- Previous message: [CentOS] Securing http authentication from brute force attacks
- Next message: [CentOS] ntpd appears to not be able to query ntp servers automatically?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Mon, Jan 11, 2010 at 10:59 AM, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > We have several web applications deployed under Apache that require > a user id / password authentication. Some of these use htdigest and > others use the application itself. > > Recently we have experienced several brute force attacks against > some of these services which have been dealt with for the nonce by > changes to iptables. However, I am not convinced that these changes > are the answer. > > Therefore I have been looking at http protection and have run across > a few independently provided modules for Apache http security, > mod_security being one of them. > > I would like the opinion of other CentOS sysadmins who already have > faced this same problem, with respect to the solutions available and > those that they choose for themselves. You can configure fail2ban to help deal with this, along with ssh protection. I'm also heavily in favor of mod_security when it comes to apache protection. -- During times of universal deceit, telling the truth becomes a revolutionary act. George Orwell
- Previous message: [CentOS] Securing http authentication from brute force attacks
- Next message: [CentOS] ntpd appears to not be able to query ntp servers automatically?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list