Limit retries for secured directory with .htaccess file
I'm using Ubuntu 14.04 with the Apache web server enabled. Due to security concerns, I have password-protected an Apache directory with .htaccess.
Is it possible to block too many password attempts?
Regards, Majid Hussain
Quote:
See the following examples about their usage: fail2ban, mod_security.
Regards
Thank you, bathory, for your quick response. I had tried fail2ban but it's not working. It doesn't block anything.
Quote:
There is the "apache-auth" jail that does exactly what you want. See the example in my previous post if you need help configuring fail2ban and apache-auth in Ubuntu.
I have followed your fail2ban example and did exactly the same procedure, but unfortunately it's not working; the policy didn't ban my IP.
Further, I have some other rules as well which are working fine.
Quote:
? Code:
[apache]
Code:
fail2ban-regex '[Tue Jan 31 15:05:58 2017] [error] [client 127.0.0.1] user guest: authentication failure for "/test": Password Mismatch' /etc/fail2ban/filter.d/apache-auth.conf
Test it?
Code:
fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-auth.conf
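An added example, not part of any post in this thread and not fail2ban's own filter: a small Python sketch of what the test above checks, namely whether error-log lines match an authentication-failure pattern and whether one client accumulates enough matches to be banned. The names FAIL_RE, count_matches, banned_ips, the simplified regex, the sample lines and the maxretry/findtime values are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified pattern written for this example; NOT fail2ban's apache-auth failregex.
# IPv4 only. Accepts the Apache 2.2 line style quoted in the thread and the
# Apache 2.4 style (microseconds, module:level, pid, client ip:port, AH code).
FAIL_RE = re.compile(
    r'^\[(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d)(?:\.\d+)? (?P<year>\d{4})\] '
    r'\[(?:\w+:)?error\] (?:\[pid \d+(?::tid \d+)?\] )?'
    r'\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\] (?:AH\d+: )?'
    r'user .*?: authentication failure for "[^"]*": Password Mismatch\s*$'
)

def count_matches(lines):
    """Number of lines the pattern accepts; zero means nothing can ever be banned."""
    return sum(1 for line in lines if FAIL_RE.match(line))

def banned_ips(lines, maxretry=3, findtime=600):
    """IPs reaching maxretry failures within a sliding findtime-second window."""
    window = defaultdict(deque)
    banned = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{m['ts']} {m['year']}", "%a %b %d %H:%M:%S %Y")
        hits = window[m['ip']]
        hits.append(when)
        # Drop failures that have aged out of the window.
        while when - hits[0] > timedelta(seconds=findtime):
            hits.popleft()
        if len(hits) >= maxretry and m['ip'] not in banned:
            banned.append(m['ip'])
    return banned

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE = [
    '[Tue Jan 31 15:05:58 2017] [error] [client 203.0.113.5] user guest: authentication failure for "/test": Password Mismatch',
    '[Tue Jan 31 15:06:01 2017] [error] [client 203.0.113.5] user guest: authentication failure for "/test": Password Mismatch',
    '[Tue Jan 31 15:06:03.120000 2017] [auth_basic:error] [pid 2101] [client 203.0.113.5:40112] AH01617: user guest: authentication failure for "/test": Password Mismatch',
    '[Tue Jan 31 15:06:04 2017] [error] [client 198.51.100.7] File does not exist: /var/www/favicon.ico',
    '[Tue Jan 31 15:30:00 2017] [error] [client 198.51.100.7] user admin: authentication failure for "/test": Password Mismatch',
]

if __name__ == "__main__":
    print(count_matches(SAMPLE), banned_ips(SAMPLE))
```

If the match count for the real error log is zero, the failures are either being written to a different file or in a format the filter does not recognise, and no ban can be triggered.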
I'm getting something like below while testing.
Quote:
Quote:
Have a look
Quote:
I assumed that failed-attempt logs are not being generated in the error.logs file, as I'm unable to view any entries there. Further, modsecurity is enabled on my server.
modsecurity_audit.log has details of authentication attempts.
Quote:
Now if mod_security is logging those attempts in a different logfile, then adapt the apache-auth regexes accordingly.
But since you have mod_security enabled, why don't you use it to ban brute-force attacks?
OK, can you guide me on where to add that script which you posted earlier?
Quote:
I think it's self-explanatory. In the example the poster uses mod_security to protect /sessions.
And of course the code goes into the Apache config file (apache2.conf for Ubuntu), or if it's for a vhost, into the vhost config (/etc/apache2/sites-available/vhost-config).
Quote: