LinuxQuestions.org

Limit retries for secured directory with .htaccess file (https://www.linuxquestions.org/questions/linux-newbie-8/limit-retries-for-secured-directory-with-htaccess-file-4175598607/)

bathory 02-01-2017 07:53 AM

Quote:

Originally Posted by gemmajid (Post 5663311)
I have followed the modsecurity example mentioned by you earlier, I have entered codes in vhost file as well but no success yet.

Could you be more specific? Give some logs or post your configuration.

sundialsvcs 02-01-2017 10:13 AM

If you truly need to wall-off Apache – or any other application – then I suggest that AppArmor technology is a very good thing to use.

It employs many of the same operating-system hooks as SELinux (Security-Enhanced Linux), but IMHO it is considerably easier to understand and therefore to use.

Habitual 02-01-2017 11:20 AM

htpasswd is "basic authorization".
See http://serverfault.com/questions/350...credent#350197
suggests PAM module.

If the directory is using "basic authorization" why should those known to the system need limiting?

gemmajid 02-06-2017 12:24 AM

Below mentioned is my configuration file.

Quote:

# domain: Test Domain
# public: /var/www/Test Domain/public_html/

<VirtualHost *:80>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin webmaster@testdomain
ServerName www.test domain.com
ServerAlias testdomain.com

# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /var/www/test domain/public_html
# Log file locations
LogLevel warn
ErrorLog /var/www/testdomain/log/error.log
CustomLog /var/www/testdomain/log/access.log combined

<LocationMatch /sessions>
# Uncomment to troubleshoot
#SecDebugLogLevel 9
#SecDebugLog /tmp/troubleshooting.log

# Enforce an existing IP address block
SecRule IP:bf_block "@eq 1" \
"phase:2,deny,\
msg:'IP address blocked because of suspected brute-force attack'"

# Check that this is a POST
SecRule REQUEST_METHOD "@streq POST" "phase:5,chain,t:none,nolog,pass"
# AND Check for authentication failure and increment counters
# NOTE this is for a Rails application, you probably need to customize this
SecRule RESPONSE_STATUS "^200" \
"setvar:IP.bf_counter=+1"

# Check for too many failures from a single IP address. Block for 10 minutes.
SecRule IP:bf_counter "@ge 3" \
"phase:5,pass,t:none, \
setvar:IP.bf_block,\
setvar:!IP.bf_counter,\
expirevar:IP.bf_block=600"
</LocationMatch>
</VirtualHost>

bathory 02-06-2017 02:42 AM

Quote:

below mentioned is my configuration file.

What you've done is a copy/paste of the example I gave you and you expect it to work in your case! Did you bother reading at least the comments?

This example is written for Rails and works after 3 failed POSTs. What have you done to test it?

Also did you look at the Apache logs?
I guess you need to at least change the 200 Response to 401 and most likely the POST to GET.
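
Added example (not code from any poster in this thread): a Python script that replays the thresholds of the posted rules (3 failures, 600-second block) over Apache `combined` log lines, counting 401 responses as suggested in the last reply. The `/secure/` path, the sample lines and the treatment of a 401 with user `-` as the browser's credential-less first request are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Apache "combined" log line: host ident user [time] "request" status ...
LINE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def find_blocks(lines, prefix="/secure/", max_failures=3, block_seconds=600):
    """Return (ip, block_start, block_end) tuples, times as epoch seconds."""
    counter = defaultdict(int)  # plays the role of IP.bf_counter
    blocked_until = {}          # plays the role of IP.bf_block plus expirevar
    blocks = []
    for line in lines:
        m = LINE.match(line)
        if not m or not m["path"].startswith(prefix):
            continue
        ts = int(datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z").timestamp())
        ip = m["ip"]
        if blocked_until.get(ip, 0) > ts:
            continue  # block still active: the request would be denied
        # Assumption: a 401 logged with user "-" is the first request sent
        # without credentials; a 401 with a user name is a failed login.
        if m["status"] == "401" and m["user"] != "-":
            counter[ip] += 1
            if counter[ip] >= max_failures:
                blocked_until[ip] = ts + block_seconds
                blocks.append((ip, ts, ts + block_seconds))
                del counter[ip]  # like setvar:!IP.bf_counter
    return blocks

def _line(ip, user, hms, status):
    """Build one constructed log line for the hypothetical /secure/ path."""
    return (f'{ip} - {user} [06/Feb/2017:{hms} -0500] '
            f'"GET /secure/ HTTP/1.1" {status} 381 "-" "-"')

# Constructed sample traffic (documentation addresses, not real logs).
SAMPLE = [
    _line("192.0.2.10", "-", "02:40:00", 401),      # challenge, not counted
    _line("192.0.2.10", "admin", "02:40:01", 401),  # failure 1
    _line("192.0.2.10", "admin", "02:40:02", 401),  # failure 2
    _line("198.51.100.7", "alice", "02:40:03", 200),
    _line("192.0.2.10", "root", "02:40:04", 401),   # failure 3, block starts
    _line("192.0.2.10", "root", "02:40:05", 401),   # inside the block
    _line("192.0.2.10", "root", "02:51:00", 401),   # block expired, count 1
]

if __name__ == "__main__":
    for ip, start, end in find_blocks(SAMPLE):
        print(ip, start, end)
```

Running it against the real `access.log` before enabling a blocking rule shows which addresses the chosen threshold would have locked out.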

