On Mon, Jan 11, 2010 at 10:59 AM, James B. Byrne <byrnejb@xxxxxxxxxxxxx> wrote:
> We have several web applications deployed under Apache that require
> a user id / password authentication. Some of these use htdigest and
> others use the application itself.
>
> Recently we have experienced several brute force attacks against
> some of these services which have been dealt with for the nonce by
> changes to iptables. However, I am not convinced that these changes
> are the answer.
>
> Therefore I have been looking at http protection and have run across
> a few independently provided modules for Apache http security,
> mod_security being one of them.
>
> I would like the opinion of other CentOS sysadmins who already have
> faced this same problem, with respect to the solutions available and
> those that they choose for themselves.
You can configure fail2ban to help deal with this, along with ssh
protection. I'm also heavily in favor of mod_security when it comes to
apache protection.
--
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
