login attempts to web-page. (time limits)
Hello,
I'm wondering if it's possible to force some time-out between logon attempts to web pages hosted on an apache2 server.
I have the server running on my machine and just to test my security, a friend tried with brutus to force-guess the password. There I can see that there are lots of authentication requests every second.
I would like to know if it's possible to force some timeout between those attempts like say 1 or 2 seconds, then even those forcers have to try much much longer to crack the pwd. Like 1 attempt / second instead of 130.
Also, this 1 second time-out doesn't bother real logins when missing accidentally.
thanks for help.
If it is mentioned in the manual for apache, then I missed it, please point me to the right chapter then. thanks.
Lieven
|