Could Apache login support CAPTCHA and lockout?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Could Apache login support CAPTCHA and lockout?
From: Neal Rhodes <neall@xxxxxxxxxxx>
Date: Tue, 04 Oct 2011 08:44:43 -0400
Organization: MNOP Ltd
Reply-to: users@xxxxxxxxxxxxxxxx
Reply-to: neall@xxxxxxxxxxx

We have bunches of web applications which use the regular Apache login protection, and they won't run unless REMOTE_USER is set by the Apache login.

<Limit GET>
require valid-user
</Limit>

<Limit POST PUT DELETE>
require valid-user
</Limit>

AuthName O-Visitor
AuthUserFile /usr/appl/cgi/.htpasswd

AuthType Basic

Looking at improving security, it would seem that it would be much harder to conduct brute-force attacks on these systems if we could configure Apache login to do two things:

A. Present the CAPTCHA style validation prompt as part of the login, to make it difficult for scripted attacks to proceed;
B. Lockout an individual username in the .htpasswd file after X failed login attempts.

Are there flavors of linux apache which have modules to provide this?

Neal Rhodes
MNOP Ltd

Follow-Ups:
- Re: Could Apache login support CAPTCHA and lockout?
  - From: Jeroen Geilman
- Re: Could Apache login support CAPTCHA and lockout?
  - From: Devraj Mukherjee

Prev by Date: Re: Add a Alias
Next by Date: Re: setting mod_fcgid tmp directory?
Previous by thread: Add a Alias
Next by thread: Re: Could Apache login support CAPTCHA and lockout?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]