[CentOS] Securing http authentication from brute force attacks

Mon Jan 11 16:12:07 UTC 2010
John Doe <jdmls at yahoo.com>

From: James B. Byrne <byrnejb at harte-lyne.ca>
> We have several web applications deployed under Apache that require
> a user id / password authentication.  Some of these use htdigest and
> others use the application itself.
> 
> Recently we have experienced several brute force attacks against
> some of these services which have been dealt with for the nonce by
> changes to iptables.  However, I am not convinced that these changes
> are the answer.
> 
> Therefore I have been looking at http protection and have run across
> a few independently provided modules for Apache http security,
> mod_security being one of them.
> 
> I would like the opinion of other CentOS sysadmins who already have
> faced this same problem, with respect to the solutions available and
> those that they choose for themselves.

I did not test it but maybe check:
http://www.zdziarski.com/projects/mod_evasive/

JD